Being Blocked from Malware Updates & going onto Malware re

Post by lehbird » September 5th, 2010, 9:26 am

Hello:

Last week I got the "Security Suite" virus. I thought I successfully removed it, but what I am finding is I cannot update my Malwarebytes or my PC Doctor programs. Also, I cannot get on websites which deal with malware removal. (It will either get redirected or say it cannot find the page.) (Ironically, I am able to get on your website though :P )

Anyway, here are my logs:

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

9/5/2010 9:02:30 AM
mbam-log-2010-09-05 (09-02-30).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 1042977
Time elapsed: 4 hour(s), 22 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:20:37 PM, on 9/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
G:\Downloads\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = By D&E Jazzd
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CC6A2A3-9DA6-4BDE-A594-B5A79C80ED19}: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\System32\cmutil32.dll
O20 - Winlogon Notify: 38f353c3509 - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca3fe3dfb19044) (gupdate1ca3fe3dfb19044) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP M1319 Receive Fax Service (HPM1319RcvFaxSrvc) - Marvell - C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 10722 bytes

Uninstall List:

Flight One Software Meridian 2004
727 Freighter Expansion Model 2.3
727-100 Base Pack 2.3
727-200 Expansion Model Upgrade 2.4
737 Pilot in Command
757-200 Captain (Base)
AAV Digital Flight Recorder
Abexo Free Registry Cleaner
Active AirSource v3.27
Active Camera 2004 2.1 for FS 2004 (updated to 9.1)
Active Camera 2004 version 2.1 for FS 9.0
ActiveSky v6.5
Ad-Aware
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
Advanced SystemCare 3
Aerosoft's - DHC-6 Twin Otter X
AFX Demo
Airbus Series Vol.1 (FS2004)
Airport Chart
Airport Design Editor Version 1.37.5.0 (Patched from 1.20)
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AnswerWorks 5.0 English Runtime
AOLIcon
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
avast! Free Antivirus
AVS Update Manager 1.0
AVS Video Editor 4
AVS Video Recorder 2.4
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.3
Baseball Mogul 2009 DEMO
BFL Acars
BirdsEyeView
BirdsEyeView
Boeing B737NG Deluxe
Bonjour
Browser Defender 2.0.6.15
C-130 X-perience Pro Pack 1.3
Carbonite
CargoPilot (Shared Components)
CCScore
Choice Guard
CLOUD9 Washington 1.01
CLS 3 Airbus Pack FSX
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Coupon Printer for Windows
Creative Audio Console
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard Tools
DefragExpress! V1.49
DeHavilland Dash-8-300 2.004.01
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
DellSupport
Delta Virtual Airlines 737NG (FSX)
Delta Virtual Airlines ACARS
Delta Virtual Airlines ACARS (beta) 2.1
Delta Virtual Airlines ACARS 2.2
DH Driver Cleaner Professional Edition
Digital Content Portal
Digital Line Detect
Diskeeper 2007 Home
DivX Player
DivX Web Player
Douglas DC-4 for FSX or FS2004
Drivers Install For Linksys Easylink Advisor
EA SPORTS online 2004
EducateU
ELIcon
EndItAll 2.0
Error Expert 1.5
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
FaxSendInstaller
FaxSetupInstaller
FeelThere PIC ERJ-145LR 1.2.6
FeelThere PIC ERJ-145LR for FSX 1.2.6
Flight 1 Software Cessna 441 - Conquest II 2.1
Flight 1 Software Cessna 441fsx - Conquest II 2.3
Flight One ATR 72-500
Flight One Software Pilatus PC-12 fsx
Flight One Text-o-Matic
FlightSim Commander
FLV Player 1.3.3
Fly the MADDOG 2006
Fly the MADDOG 2006 liveries
Fly the MADDOG 2008
FriendlyPanels FMC Pack1 for FSX & FS9
FS Flight Keeper
FS FlightTracker
FSacars
FSAutoStart
FSBuild 2.3
FSCheckride by CATIII Software
FSDZigns Lockheed 049A Constellation
FSFDT FSCopilot
FSFDT FSInn
FSFDT VIP Standard 2004
FSNavigator
Game Booster
Globe Cargo FSACARS
Globe Cargo PIREP
Globe Cargo PIREP v2.3.1
Google Chrome
Google Desktop
Google Earth
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMyPC
Ground Environment
Ground Environment X North America
GVA ACARS
GVA ACARS
Hawaii Oahu
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP LaserJet M1319 MFP Series
HP LaserJet M1319 MFP Series Toolbox
HP LaserJet Toolbox
HP Photo Printing Software
hp psc 900 series
HP Share-to-Web
iFly 747-400
iFly 747-400 Service Pack 3
InCabin Locate for FSX
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Jet City Aircraft 717-200
Just Flight - 757 Captain FSX
Just Flight - Cargo Pilot v1.00
KDTW Detroit
kgcbase
KIAD v1.3.1 for FS9 MetroAir Edition
KLGA La Guardia Demo Version
Kodak EasyShare software
Latin VFR MKJP FSX
LatinVFR Cayman Islands for FSX
Learn2 Player (Uninstall Only)
Legacy 'The Luxury Aircraft Collection'
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire PRO 5.1.3
links_ls.exe
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes' Anti-Malware
MaxBlast 3
MCU
MD80 for AAV
MegaSceneryX Las Vegas
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Combat Flight Simulator 3.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Flight Simulator X
Microsoft Flight Simulator X SDK SP1A
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Links 2003
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2000
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.6)
MozyHome Remote Backup
MrvlUsgTracking
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch® Jukebox
MVP Baseball 2005
MySQL Connector/ODBC 3.51
Navigraph nDAC 2
Navigraph nDAC 3
NEMETH DESIGNS - S-76 SPIRIT
netbrdg
NetWaiting
NetZeroInstallers
nHancer
NuRoads Configurator
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
O&O Defrag Professional Edition
Oakland Metro International Airport by M1DG
OfotoXMI
OOTP Baseball 2006
OpenAL
Out of the Park Baseball 8
Out of the Park Baseball 9
Overland - World Airlines (Airbus)
Overland - World Airlines for FSX (Airbus)
PFPortChecker 1.0.32
PMDG 747-400/400F for FSX
PMDG BAe JS4100
PMDG_BAe_JS4100_AX
PMDG_BAe_JS4100_N401TJ
PMDG_BAe_JS4100_OGN
PMDG744X_GE_QF2
PMDG744X_RR_BA
PMDG744XF_GE_5XF
PMDG744XF_GE_5YF
PMDG744XF_GE_POF
PMDG744XF_PW_FXF
PS Panels 737NG Version 1.1
PSS B777 Professional 2004 (777-200 LR) 2.1
PSS Boeing 757 Pro 2006 1.2
PVACARS
QualityWings 757-200 v1.00 (Model Package Beta)
Quicken 2009
QuickTime
Radar Contact Version 4.3
Ready for Pushback V2_10 Full Version
Real Environment Xtreme
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.0
ReceiveInstaller
RegCure
Registry Toolkit 1.3.0
Rhapsody Player Engine
RivaTuner v2.0 RC 16
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Saitek SST Programming Software
SAS_DC9v50
Scan To
SecondLife (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Self-Repair Technician
SFR
SHASTA
Shockwave
Shutterfly Plugin
SideWinder Precision 2
skin0001
SKINXSDK
Sonic Activation Module
Sonic CinePlayer DVD Pack
Sonic Update Manager
Sound Blaster Audigy 4
Sounds Best On Sound Blaster
Special Internet Offers
Spybot - Search & Destroy 1.4
Spyware Doctor 7.0
SquawkBox 3
Squawkbox 3 Model Set (FS2004)
staticcr
TeamSpeak 2 RC2
The Brown Box 1.0.7
The Print Shop 20
Tiger Woods PGA TOUR 08
tooltips
Total 3D Home Deluxe
TRS2006
TTS_Technology
TuneUp Utilities 2007
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Basic 2007
TurboTax ItsDeductible 2006
TweakFPS for FSX
Tweakui Powertoy for Windows XP
Ultimate Traffic
UltimateDefrag
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
VAFINANCIALS 4.0.1.26
VAFS
VAFS4
vasFMC 1.10
VAT-Spy
Ventrilo Client
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VisualTool
VLC media player 1.0.5
VPRINTOL
WebCyberCoach 3.2 Dell
WexTech AnswerWorks
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinPatrol 2008
WinRAR archiver
WinZip
WIRELESS
WordPerfect Office 12
X Graphics
XAcars for Microsoft Flightsimulator
XPax
X-treme King Air B200 v.2.0.1
XviD MPEG-4 Video Codec
Yahoo! Companion

Thank You !!!

Dave
lehbird
Regular Member
 
Posts: 40
Joined: September 5th, 2010, 12:01 am

Re: Being Blocked from Malware Updates & going onto Malwar

Post by km2357 » September 6th, 2010, 3:02 pm

Hello and welcome to Malware Removal.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Being Blocked from Malaware Updates & going onto Malawar

Post by lehbird » September 6th, 2010, 5:16 pm

Thanks for your reply. This should be everything you asked for. Thanks again !!!



DDS (Ver_10-03-17.01) - NTFSx86
Run by David N. Leh at 16:42:14.92 on Mon 09/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.891 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\MySoftware\intercom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Citrix\GoToMyPC\G2ProcessFactory.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\MySoftware\intercom.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Documents and Settings\David N. Leh\Desktop\dds.scr
C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&cli ... channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = By D&E Jazzd
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/ie
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\ycomp5_6_0_1.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Registry Toolkit] c:\program files\registry toolkit\RegToolkit.exe /scan
mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [qbrskott] c:\documents and settings\david n. leh\local settings\application data\ovvxjjvwt\xhoqcbmshdw.exe
mRun: [Profiler] c:\program files\saitek\software\ProfilerU.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [enelfilm] c:\documents and settings\david n. leh\local settings\application data\wwjwjtwia\xwxmpagshdw.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [CTHelper] CTHELPER.EXE
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mysoft~1.lnk - c:\program files\common files\mysoftware\intercom.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: musicmatch.com\online
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... wmavax.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\windows\system32\cmutil32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davidn~1.leh\applic~1\mozilla\firefox\profiles\3uu73kfu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... n_dtid=&q=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

2007-12-23 05:08:50 61 --sh--w- c:\windows\cnerolf.bin
2006-04-01 01:40:12 61 --sh--w- c:\windows\cnerolf.dat
2004-08-04 11:00:00 94784 --sh--w- c:\windows\twain.dll
2004-08-04 11:00:00 50688 --sh--w- c:\windows\twain_32.dll
2009-06-07 13:43:54 152 --sh--r- c:\windows\system32\501AA94F16.sys
2008-12-20 13:17:07 1531 --sha-w- c:\windows\system32\GroupPolicy000.dat
2004-08-04 11:00:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2007-12-04 18:38:13 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-04 11:00:00 83456 --sh--w- c:\windows\system32\olepro32.dll
2004-08-04 11:00:00 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 16:47:53.20 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-06 16:21:10
Windows 5.1.2600 Service Pack 2
Running: GMER.EXE; Driver: C:\WINDOWS\TEMP\ugroapod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA60139C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA6013AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/ALWIL Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----
lehbird
Regular Member
 
Posts: 40
Joined: September 5th, 2010, 12:01 am

Re: Being Blocked from Malaware Updates & going onto Malawar

Post by km2357 » September 6th, 2010, 7:53 pm

Thanks for the logs. :)

For some reason, the Installed Programs list in the Attach.txt log was empty. I'd like a fresh Uninstall List from HJT in your next post/reply.

Step # 1: Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Being Blocked from Malaware Updates & going onto Malawar

Post by lehbird » September 6th, 2010, 8:16 pm

Thanks KM2357:

Here you go....

Flight One Software Meridian 2004
727 Freighter Expansion Model 2.3
727-100 Base Pack 2.3
727-200 Expansion Model Upgrade 2.4
737 Pilot in Command
757-200 Captain (Base)
AAV Digital Flight Recorder
Abexo Free Registry Cleaner
Active AirSource v3.27
Active Camera 2004 2.1 for FS 2004 (updated to 9.1)
Active Camera 2004 version 2.1 for FS 9.0
ActiveSky v6.5
Ad-Aware
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
Advanced SystemCare 3
Aerosoft's - DHC-6 Twin Otter X
AFX Demo
Airbus Series Vol.1 (FS2004)
Airport Chart
Airport Design Editor Version 1.37.5.0 (Patched from 1.20)
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AnswerWorks 5.0 English Runtime
AOLIcon
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
avast! Free Antivirus
AVS Update Manager 1.0
AVS Video Editor 4
AVS Video Recorder 2.4
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.3
Baseball Mogul 2009 DEMO
BFL Acars
BirdsEyeView
BirdsEyeView
Boeing B737NG Deluxe
Bonjour
Browser Defender 2.0.6.15
C-130 X-perience Pro Pack 1.3
Carbonite
CargoPilot (Shared Components)
CCScore
Choice Guard
CLOUD9 Washington 1.01
CLS 3 Airbus Pack FSX
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Coupon Printer for Windows
Creative Audio Console
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard Tools
DefragExpress! V1.49
DeHavilland Dash-8-300 2.004.01
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
DellSupport
Delta Virtual Airlines 737NG (FSX)
Delta Virtual Airlines ACARS
Delta Virtual Airlines ACARS (beta) 2.1
Delta Virtual Airlines ACARS 2.2
DH Driver Cleaner Professional Edition
Digital Content Portal
Digital Line Detect
Diskeeper 2007 Home
DivX Player
DivX Web Player
Douglas DC-4 for FSX or FS2004
Drivers Install For Linksys Easylink Advisor
EA SPORTS online 2004
EducateU
ELIcon
EndItAll 2.0
Error Expert 1.5
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
FaxSendInstaller
FaxSetupInstaller
FeelThere PIC ERJ-145LR 1.2.6
FeelThere PIC ERJ-145LR for FSX 1.2.6
Flight 1 Software Cessna 441 - Conquest II 2.1
Flight 1 Software Cessna 441fsx - Conquest II 2.3
Flight One ATR 72-500
Flight One Software Pilatus PC-12 fsx
Flight One Text-o-Matic
FlightSim Commander
FLV Player 1.3.3
Fly the MADDOG 2006
Fly the MADDOG 2006 liveries
Fly the MADDOG 2008
FriendlyPanels FMC Pack1 for FSX & FS9
FS Flight Keeper
FS FlightTracker
FSacars
FSAutoStart
FSBuild 2.3
FSCheckride by CATIII Software
FSDZigns Lockheed 049A Constellation
FSFDT FSCopilot
FSFDT FSInn
FSFDT VIP Standard 2004
FSNavigator
Game Booster
Globe Cargo FSACARS
Globe Cargo PIREP
Globe Cargo PIREP v2.3.1
Google Chrome
Google Desktop
Google Earth
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMyPC
Ground Environment
Ground Environment X North America
GVA ACARS
GVA ACARS
Hawaii Oahu
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP LaserJet M1319 MFP Series
HP LaserJet M1319 MFP Series Toolbox
HP LaserJet Toolbox
HP Photo Printing Software
hp psc 900 series
HP Share-to-Web
iFly 747-400
iFly 747-400 Service Pack 3
InCabin Locate for FSX
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Jet City Aircraft 717-200
Just Flight - 757 Captain FSX
Just Flight - Cargo Pilot v1.00
KDTW Detroit
kgcbase
KIAD v1.3.1 for FS9 MetroAir Edition
KLGA La Guardia Demo Version
Kodak EasyShare software
Latin VFR MKJP FSX
LatinVFR Cayman Islands for FSX
Learn2 Player (Uninstall Only)
Legacy 'The Luxury Aircraft Collection'
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire PRO 5.1.3
links_ls.exe
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes' Anti-Malware
MaxBlast 3
MCU
MD80 for AAV
MegaSceneryX Las Vegas
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Combat Flight Simulator 3.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Flight Simulator X
Microsoft Flight Simulator X SDK SP1A
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Links 2003
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2000
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.6.8)
MozyHome Remote Backup
MrvlUsgTracking
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch® Jukebox
MVP Baseball 2005
MySQL Connector/ODBC 3.51
Navigraph nDAC 2
Navigraph nDAC 3
NEMETH DESIGNS - S-76 SPIRIT
netbrdg
NetWaiting
NetZeroInstallers
nHancer
NuRoads Configurator
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
O&O Defrag Professional Edition
Oakland Metro International Airport by M1DG
OfotoXMI
OOTP Baseball 2006
OpenAL
Out of the Park Baseball 8
Out of the Park Baseball 9
Overland - World Airlines (Airbus)
Overland - World Airlines for FSX (Airbus)
PFPortChecker 1.0.32
PMDG 747-400/400F for FSX
PMDG BAe JS4100
PMDG_BAe_JS4100_AX
PMDG_BAe_JS4100_N401TJ
PMDG_BAe_JS4100_OGN
PMDG744X_GE_QF2
PMDG744X_RR_BA
PMDG744XF_GE_5XF
PMDG744XF_GE_5YF
PMDG744XF_GE_POF
PMDG744XF_PW_FXF
PS Panels 737NG Version 1.1
PSS B777 Professional 2004 (777-200 LR) 2.1
PSS Boeing 757 Pro 2006 1.2
PVACARS
QualityWings 757-200 v1.00 (Model Package Beta)
Quicken 2009
QuickTime
Radar Contact Version 4.3
Ready for Pushback V2_10 Full Version
Real Environment Xtreme
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.0
ReceiveInstaller
RegCure
Registry Toolkit 1.3.0
Rhapsody Player Engine
RivaTuner v2.0 RC 16
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Saitek SST Programming Software
SAS_DC9v50
Scan To
SecondLife (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Self-Repair Technician
SFR
SHASTA
Shockwave
Shutterfly Plugin
SideWinder Precision 2
skin0001
SKINXSDK
Sonic Activation Module
Sonic CinePlayer DVD Pack
Sonic Update Manager
Sound Blaster Audigy 4
Sounds Best On Sound Blaster
Special Internet Offers
Spybot - Search & Destroy 1.4
Spyware Doctor 7.0
SquawkBox 3
Squawkbox 3 Model Set (FS2004)
staticcr
TeamSpeak 2 RC2
The Brown Box 1.0.7
The Print Shop 20
Tiger Woods PGA TOUR 08
tooltips
Total 3D Home Deluxe
TRS2006
TTS_Technology
TuneUp Utilities 2007
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Basic 2007
TurboTax ItsDeductible 2006
TweakFPS for FSX
Tweakui Powertoy for Windows XP
Ultimate Traffic
UltimateDefrag
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
VAFINANCIALS 4.0.1.26
VAFS
VAFS4
vasFMC 1.10
VAT-Spy
Ventrilo Client
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VisualTool
VLC media player 1.0.5
VPRINTOL
WebCyberCoach 3.2 Dell
WexTech AnswerWorks
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinPatrol 2008
WinRAR archiver
WinZip
WIRELESS
WordPerfect Office 12
X Graphics
XAcars for Microsoft Flightsimulator
XPax
X-treme King Air B200 v.2.0.1
XviD MPEG-4 Video Codec
Yahoo! Companion
lehbird
Regular Member
 
Posts: 40
Joined: September 5th, 2010, 12:01 am

Re: Being Blocked from Malaware Updates & going onto Malawar

Post by km2357 » September 7th, 2010, 2:37 pm

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire PRO 5.1.3

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Reboot your computer after you have uninstalled the programs above.

Please run DDS when finished and post the log back here.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Being Blocked from Malaware Updates & going onto Malawar

Post by lehbird » September 7th, 2010, 5:35 pm

I uninstalled Limewire as requested and here are my logs....

Thanks!!!



DDS (Ver_10-03-17.01) - NTFSx86
Run by David N. Leh at 17:21:22.18 on Tue 09/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1067 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\MySoftware\intercom.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\David N. Leh\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&cli ... channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = By D&E Jazzd
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/ie
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\ycomp5_6_0_1.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Registry Toolkit] c:\program files\registry toolkit\RegToolkit.exe /scan
mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [qbrskott] c:\documents and settings\david n. leh\local settings\application data\ovvxjjvwt\xhoqcbmshdw.exe
mRun: [Profiler] c:\program files\saitek\software\ProfilerU.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [enelfilm] c:\documents and settings\david n. leh\local settings\application data\wwjwjtwia\xwxmpagshdw.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [CTHelper] CTHELPER.EXE
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mysoft~1.lnk - c:\program files\common files\mysoftware\intercom.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: musicmatch.com\online
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... wmavax.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\windows\system32\cmutil32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davidn~1.leh\applic~1\mozilla\firefox\profiles\3uu73kfu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... n_dtid=&q=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

2007-12-23 05:08:50 61 --sh--w- c:\windows\cnerolf.bin
2006-04-01 01:40:12 61 --sh--w- c:\windows\cnerolf.dat
2004-08-04 11:00:00 94784 --sh--w- c:\windows\twain.dll
2004-08-04 11:00:00 50688 --sh--w- c:\windows\twain_32.dll
2009-06-07 13:43:54 152 --sh--r- c:\windows\system32\501AA94F16.sys
2008-12-20 13:17:07 1531 --sha-w- c:\windows\system32\GroupPolicy000.dat
2004-08-04 11:00:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2007-12-04 18:38:13 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-04 11:00:00 83456 --sh--w- c:\windows\system32\olepro32.dll
2004-08-04 11:00:00 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 17:30:31.67 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume3
Install Date: 3/25/2006 12:00:37 AM
System Uptime: 9/7/2010 5:15:32 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | G31MX-S2
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2333/333mhz
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2333/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 463 GiB total, 337.187 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 149 GiB total, 49.264 GiB free.
G: is FIXED (FAT32) - 466 GiB total, 389.755 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1482: 11/21/2009 11:46:25 AM - Installed Globe Cargo PIREP
RP1483: 11/21/2009 12:19:47 PM - Installed PMDG744X_GE_QF2
RP1484: 11/22/2009 3:00:11 AM - Software Distribution Service 3.0
RP1485: 11/23/2009 3:00:15 AM - Software Distribution Service 3.0
RP1486: 11/24/2009 3:00:15 AM - Software Distribution Service 3.0
RP1487: 11/25/2009 3:00:16 AM - Software Distribution Service 3.0
RP1488: 11/25/2009 3:04:09 AM - Installed Windows XP KB973687.
RP1489: 11/25/2009 3:04:27 AM - Installed Windows XP KB976098-v2.
RP1490: 11/25/2009 9:26:21 AM - Software Distribution Service 3.0
RP1491: 11/26/2009 3:00:11 AM - Software Distribution Service 3.0
RP1492: 11/26/2009 6:02:37 AM - Software Distribution Service 3.0
RP1493: 11/28/2009 10:48:13 PM - Software Distribution Service 3.0
RP1494: 11/29/2009 3:00:16 AM - Software Distribution Service 3.0
RP1495: 11/30/2009 3:00:15 AM - Software Distribution Service 3.0
RP1496: 11/30/2009 10:25:42 PM - Installed MLB 2K9
RP1497: 11/30/2009 10:40:42 PM - Installed DirectX
RP1498: 12/1/2009 3:00:11 AM - Software Distribution Service 3.0
RP1499: 12/2/2009 3:01:23 AM - Software Distribution Service 3.0
RP1500: 12/3/2009 3:00:14 AM - Software Distribution Service 3.0
RP1501: 12/4/2009 3:00:15 AM - Software Distribution Service 3.0
RP1502: 12/5/2009 3:00:15 AM - Software Distribution Service 3.0
RP1503: 12/5/2009 12:32:51 PM - Software Distribution Service 3.0
RP1504: 12/5/2009 12:34:23 PM - Software Distribution Service 3.0
RP1505: 12/6/2009 1:04:07 PM - System Checkpoint
RP1506: 12/6/2009 6:12:25 PM - Software Distribution Service 3.0
RP1507: 12/7/2009 11:51:17 PM - System Checkpoint
RP1508: 12/9/2009 12:49:54 AM - System Checkpoint
RP1509: 12/10/2009 1:49:54 AM - System Checkpoint
RP1510: 12/11/2009 2:49:58 AM - System Checkpoint
RP1511: 12/12/2009 3:49:58 AM - System Checkpoint
RP1512: 12/13/2009 3:56:49 AM - System Checkpoint
RP1513: 12/14/2009 4:56:49 AM - System Checkpoint
RP1514: 12/15/2009 5:56:45 AM - System Checkpoint
RP1515: 12/16/2009 6:56:45 AM - System Checkpoint
RP1516: 12/17/2009 6:56:45 AM - System Checkpoint
RP1517: 12/18/2009 7:08:45 AM - System Checkpoint
RP1518: 12/19/2009 9:11:19 AM - System Checkpoint
RP1519: 12/20/2009 9:38:07 AM - System Checkpoint
RP1520: 12/21/2009 9:50:02 AM - System Checkpoint
RP1521: 12/22/2009 10:38:07 AM - System Checkpoint
RP1522: 12/23/2009 11:38:03 AM - System Checkpoint
RP1523: 12/24/2009 12:38:02 PM - System Checkpoint
RP1524: 12/25/2009 12:38:02 PM - System Checkpoint
RP1525: 12/27/2009 1:25:36 AM - System Checkpoint
RP1526: 12/28/2009 1:32:22 AM - System Checkpoint
RP1527: 12/29/2009 1:44:22 AM - System Checkpoint
RP1528: 12/30/2009 12:35:57 AM - Installed PMDG744X_RR_BA
RP1529: 12/31/2009 1:59:24 AM - System Checkpoint
RP1530: 1/1/2010 2:19:28 AM - System Checkpoint
RP1531: 1/2/2010 3:18:40 AM - System Checkpoint
RP1532: 1/3/2010 3:19:59 AM - System Checkpoint
RP1533: 1/3/2010 10:34:22 AM - Installed VAFS
RP1534: 1/4/2010 11:42:01 PM - System Checkpoint
RP1535: 1/6/2010 12:27:55 AM - System Checkpoint
RP1536: 1/7/2010 1:27:46 AM - System Checkpoint
RP1537: 1/8/2010 2:27:45 AM - System Checkpoint
RP1538: 1/9/2010 3:27:41 AM - System Checkpoint
RP1539: 1/10/2010 4:03:52 AM - System Checkpoint
RP1540: 1/11/2010 4:03:56 AM - System Checkpoint
RP1541: 1/12/2010 4:04:52 AM - System Checkpoint
RP1542: 1/13/2010 4:04:52 AM - System Checkpoint
RP1543: 1/14/2010 4:04:52 AM - System Checkpoint
RP1544: 1/15/2010 4:43:58 AM - System Checkpoint
RP1545: 1/16/2010 4:43:58 AM - System Checkpoint
RP1546: 1/16/2010 11:40:08 AM - Printer Driver HP LaserJet M1319f FAX Installed
RP1547: 1/17/2010 11:43:58 AM - System Checkpoint
RP1548: 1/18/2010 11:43:58 AM - System Checkpoint
RP1549: 1/19/2010 12:43:58 PM - System Checkpoint
RP1550: 1/20/2010 12:55:58 PM - System Checkpoint
RP1551: 1/21/2010 1:43:58 PM - System Checkpoint
RP1552: 1/22/2010 2:44:03 PM - System Checkpoint
RP1553: 1/22/2010 11:44:59 PM - Airport Chart wird installiert
RP1554: 1/23/2010 3:14:29 PM - Installed MozyHome Remote Backup
RP1555: 1/24/2010 4:00:17 PM - System Checkpoint
RP1556: 1/25/2010 6:36:31 PM - System Checkpoint
RP1557: 1/26/2010 7:28:52 PM - System Checkpoint
RP1558: 1/27/2010 8:16:57 PM - System Checkpoint
RP1559: 1/28/2010 9:16:57 PM - System Checkpoint
RP1560: 1/30/2010 7:36:49 AM - System Checkpoint
RP1561: 1/31/2010 7:45:17 AM - System Checkpoint
RP1562: 2/1/2010 8:19:18 AM - System Checkpoint
RP1563: 2/2/2010 8:58:56 AM - System Checkpoint
RP1564: 2/3/2010 9:58:51 AM - System Checkpoint
RP1565: 2/3/2010 10:27:04 PM - Installed PMDG BAe JS4100
RP1566: 2/3/2010 10:33:45 PM - Removed PMDG BAe JS4100
RP1567: 2/3/2010 10:35:38 PM - Installed PMDG BAe JS4100
RP1568: 2/4/2010 11:43:16 PM - System Checkpoint

==== Installed Programs ======================


==== Event Viewer Messages From Past Week ========


==== End Of File ===========================
lehbird
Regular Member
 
Posts: 40
Joined: September 5th, 2010, 12:01 am

Re: Being Blocked from Malaware Updates & going onto Malawar

Post by km2357 » September 7th, 2010, 7:50 pm

Do you recognize the following program?:

Special Internet Offers


Step # 1: Add/Remove Programs

Go to Start-Settings-Control Panel, click on Add Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.

Ask Toolbar

Reboot your Computer.


Please disable avast! Antivirus as it may interfere with the fixes. Remember to re-enable it before posting the logs.

* Right click on avast! Antivirus icon near the clock and select Stop On-Access Protection.
* Right click on this icon again and select Program Settings.
* On the left, click on Troubleshooting.
* Uncheck (untick) this box - Disable avast! self-defense module.
* Click OK to apply the settings

If the above doesn't work, do the following:

Right click on the toolbar icon, then pull down "avast shield control" and click "Disable for 1 hour".


Step # 2: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.
km2357
MRU Master
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Being Blocked from Malaware Updates & going onto Malawar

Post by lehbird » September 8th, 2010, 12:10 am

Here's the Combofix log.

Thanks again !!

ComboFix 10-09-07.01 - David N. Leh 09/07/2010 23:01:27.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1345 [GMT -4:00]
Running from: c:\documents and settings\David N. Leh\Desktop\ComboFix1.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David N. Leh\Application Data\0200000028908f59509C.manifest
c:\documents and settings\David N. Leh\Application Data\0200000028908f59509O.manifest
c:\documents and settings\David N. Leh\Application Data\0200000028908f59509P.manifest
c:\documents and settings\David N. Leh\Application Data\0200000028908f59509S.manifest
c:\program files\VisualTool
c:\program files\VisualTool\pcre3.dll
c:\program files\VisualTool\uninstall.exe
c:\program files\VisualTool\VisualTool.dat
c:\windows\GnuHashes.ini
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\Ijl11.dll
c:\windows\system32\twain.dll
c:\windows\system32\UACgcxtprntnaqdqvy.log
c:\windows\system32\UAClqawskqsvuqhjru.db
c:\windows\system32\uactmp.db
C:\xcrashdump.dat
c:\windows\system32\gotomon.log . . . .

Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACD.SYS


((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.

2010-09-06 13:35 . 2009-10-08 18:14 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-09-06 13:35 . 2009-10-08 18:14 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-09-06 13:35 . 2009-10-08 18:14 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-09-05 04:40 . 2010-09-05 04:40 -------- d-----w- c:\documents and settings\Dave 2010\Application Data\Malwarebytes
2010-09-05 03:01 . 2010-09-05 03:01 -------- d-----w- c:\documents and settings\Dave 2010\Local Settings\Application Data\Apple Computer
2010-09-05 03:00 . 2010-09-05 03:00 -------- d-----w- c:\documents and settings\Dave 2010\Local Settings\Application Data\SupportSoft
2010-09-05 03:00 . 2010-09-05 03:00 -------- d-----w- c:\documents and settings\Dave 2010\Application Data\Creative
2010-09-04 17:31 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-04 17:30 . 2010-09-04 17:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-04 00:30 . 2010-09-04 00:30 -------- d-----w- c:\documents and settings\Dave 2010\Application Data\Share-to-Web Upload Folder
2010-09-04 00:26 . 2010-09-04 00:26 -------- d-----w- c:\documents and settings\Dave 2010\Local Settings\Application Data\Mozilla
2010-09-03 22:42 . 2010-09-03 16:42 114 ----a-w- C:\shellfix.reg
2010-09-03 22:42 . 2010-09-03 16:28 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs
2010-09-03 22:42 . 2010-09-03 16:25 4532 ----a-w- C:\nodesktop.reg
2010-09-03 22:41 . 2010-09-03 22:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-09-03 22:34 . 2010-09-03 22:34 99240 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-03 22:33 . 2010-09-03 22:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2010-09-03 22:24 . 2010-09-03 22:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-28 19:37 . 2010-08-28 19:37 -------- d-----w- C:\spoolerlogs
2010-08-14 02:54 . 2010-08-14 02:54 -------- d-----w- c:\documents and settings\David N. Leh\Local Settings\Application Data\FS-Products

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 03:35 . 2009-07-08 02:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-08 03:33 . 2009-11-19 12:30 -------- d-----w- c:\program files\Spyware Doctor
2010-09-08 03:33 . 2009-02-21 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-08 03:33 . 2009-02-21 18:11 3681 ----a-w- c:\windows\system32\mmf.sys
2010-09-07 21:05 . 2009-02-21 17:18 -------- d-----w- c:\program files\LimeWire
2010-09-06 13:35 . 2009-11-19 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-05 03:25 . 2009-02-21 17:48 -------- d-----w- c:\program files\Quicken
2010-09-04 17:29 . 2009-02-21 17:18 -------- d-----w- c:\program files\Lavasoft
2010-09-04 17:28 . 2009-02-21 17:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-04 00:22 . 2010-09-03 23:00 -------- d--h--w- c:\documents and settings\Dave 2010\Application Data\Gtek
2010-09-03 23:10 . 2009-02-21 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-09-03 23:03 . 2009-02-21 17:54 -------- d-----w- c:\program files\Web Publish
2010-08-28 19:43 . 2010-03-06 03:54 -------- d-----w- c:\documents and settings\David N. Leh\Application Data\vlc
2010-08-23 17:25 . 2006-10-29 15:44 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-08-17 18:10 . 2010-09-01 02:37 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
2010-08-14 02:53 . 2010-08-14 02:53 6082 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{BF04B549-AB62-4A70-92F3-613FBB23D923}\_EF2DE6B871DE07CA710128.exe
2010-08-14 02:53 . 2010-08-14 02:53 6082 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{BF04B549-AB62-4A70-92F3-613FBB23D923}\_6FEFF9B68218417F98F549.exe
2010-08-14 02:53 . 2010-08-14 02:53 6082 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{BF04B549-AB62-4A70-92F3-613FBB23D923}\_105300B85D110B41DF3FB4.exe
2010-08-12 12:16 . 2010-09-04 17:30 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-07-09 14:26 . 2010-09-01 02:38 475136 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe
2010-07-02 14:25 . 2010-09-01 02:38 1118208 ------w- c:\documents and settings\All Users\Application Data\Dell\RMC\Libxml2.dll
2010-07-02 14:25 . 2010-09-01 02:38 60416 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\ZLib1.dll
2010-06-28 20:57 . 2010-07-03 17:41 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-02-24 22:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-02-24 22:59 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-02-24 22:59 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-02-24 22:59 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-02-24 22:59 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-02-24 22:59 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-02-24 22:59 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-02-24 22:59 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-16 01:41 . 2008-08-30 02:14 29926 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{A5637A7A-D40E-433B-8C64-BC6111F8342E}\_57901822.exe
2010-06-16 01:41 . 2008-08-30 02:14 23878 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{A5637A7A-D40E-433B-8C64-BC6111F8342E}\_3c9a3d18.exe
2010-06-16 01:41 . 2008-08-30 02:14 20758 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{A5637A7A-D40E-433B-8C64-BC6111F8342E}\_13f04d1e.exe
2010-06-16 01:41 . 2008-08-30 02:14 1078 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{A5637A7A-D40E-433B-8C64-BC6111F8342E}\_6c111d32.exe
2008-12-17 00:33 . 2006-12-29 15:47 147 ----a-w- c:\program files\RedStat.sts
2008-12-17 00:29 . 2006-12-28 16:26 406 ----a-w- c:\program files\MailList.dmn
2006-12-28 16:28 . 2006-12-28 16:28 0 ----a-w- c:\program files\HPSW.CKI
2006-12-28 16:27 . 2006-12-28 16:27 41 ----a-w- c:\program files\eregreg.ini
1999-01-06 05:09 . 2006-12-28 16:26 4039699 ----a-w- c:\program files\MailList.pdf
1998-10-29 04:41 . 2006-12-28 16:26 10584 ----a-w- c:\program files\Techsupp.hlp
1998-07-14 15:24 . 2006-12-28 16:26 363178 ----a-w- c:\program files\MailList.hlp
1998-07-14 13:02 . 2006-12-28 16:26 11790 ----a-w- c:\program files\MailList.cnt
1998-07-07 16:21 . 2006-12-28 16:26 196096 ----a-w- c:\program files\MailList.exe
1998-07-06 19:06 . 2006-12-28 16:26 385 ----a-w- c:\program files\webmain.url
1998-07-06 17:43 . 2006-12-28 16:26 77824 ----a-w- c:\program files\Textdbs.dbs
1998-07-06 17:42 . 2006-12-28 16:26 39424 ----a-w- c:\program files\Native.dbs
1998-07-06 17:24 . 2006-12-28 16:26 37376 ----a-w- c:\program files\AddrCD.rmv
1998-07-02 17:16 . 2006-12-28 16:26 18 ----a-w- c:\program files\bmUpd.ddm
1998-06-26 15:16 . 2006-12-28 16:26 71168 ----a-w- c:\program files\jeteng.dbs
1998-06-26 15:13 . 2006-12-28 16:26 28160 ----a-w- c:\program files\oldmaml.dbs
1998-06-04 12:55 . 2006-12-28 16:26 5442 ----a-w- c:\program files\POSTRATE.TXT
1998-06-04 12:55 . 2006-12-28 16:26 279611 ----a-w- c:\program files\PostTab.txt
1998-06-03 20:15 . 2006-12-28 16:26 12525 ----a-w- c:\program files\Intercom.hlp
1998-06-03 14:41 . 2006-12-28 16:26 17408 ----a-w- c:\program files\oldmald.dbs
1998-05-26 19:50 . 2006-12-28 16:26 361239 ----a-w- c:\program files\maillist.wth
1998-05-26 16:52 . 2006-12-28 16:26 301607 ----a-w- c:\program files\Orderfrm.hlp
1998-05-11 14:22 . 2006-12-28 16:26 516 ----a-w- c:\program files\Orderfrm.cnt
1998-05-04 16:56 . 2006-12-28 16:26 2609 ----a-w- c:\program files\ereginfo.ini
1998-04-27 11:24 . 2006-12-28 16:26 128 ----a-w- c:\program files\EREG.BIN
1998-01-02 19:29 . 2006-12-28 16:26 133 ----a-w- c:\program files\InterCom.cnt
1997-12-01 15:51 . 2006-12-28 16:26 233980 ----a-w- c:\program files\FORMDEF.FDL
1997-12-01 15:51 . 2006-12-28 16:26 231248 ----a-w- c:\program files\FORMOPS.FDL
1997-12-01 15:51 . 2006-12-28 16:26 181616 ----a-w- c:\program files\FORMMETA.FDL
1997-11-21 13:32 . 2006-12-28 16:26 66034 ----a-w- c:\program files\Hotels.mml
1997-11-21 13:32 . 2006-12-28 16:26 264192 ----a-w- c:\program files\Hotelsmml.bcf
1997-11-21 13:32 . 2006-12-28 16:26 2144 ----a-w- c:\program files\Hotelsmml.fsif
1997-11-21 13:32 . 2006-12-28 16:26 1568 ----a-w- c:\program files\Hotelsmml.msif
1997-11-21 13:32 . 2006-12-28 16:26 6344 ----a-w- c:\program files\Airlinesmml.fsif
1997-11-21 13:32 . 2006-12-28 16:26 4568 ----a-w- c:\program files\Airlinesmml.msif
1997-11-21 13:32 . 2006-12-28 16:26 262656 ----a-w- c:\program files\Airlinesmml.bcf
1997-11-21 13:32 . 2006-12-28 16:26 201934 ----a-w- c:\program files\Airlines.mml
1997-11-21 13:32 . 2006-12-28 16:26 45196 ----a-w- c:\program files\Car Rentals.mml
1997-11-21 13:32 . 2006-12-28 16:26 264192 ----a-w- c:\program files\Car Rentalsmml.bcf
1997-11-21 13:32 . 2006-12-28 16:26 1500 ----a-w- c:\program files\Car Rentalsmml.fsif
1997-11-21 13:32 . 2006-12-28 16:26 1108 ----a-w- c:\program files\Car Rentalsmml.msif
1997-08-22 22:03 . 2006-12-28 16:26 0 ----a-w- c:\program files\maillist.sup
2007-12-23 05:08 . 2007-12-23 05:08 61 --sh--w- c:\windows\cnerolf.bin
2006-04-01 01:40 . 2006-04-01 01:40 61 --sh--w- c:\windows\cnerolf.dat
2004-08-04 11:00 . 2004-08-10 18:51 94784 --sh--w- c:\windows\twain.dll
2004-08-04 11:00 . 2004-08-10 18:51 50688 --sh--w- c:\windows\twain_32.dll
2009-06-07 13:43 . 2006-03-25 13:49 152 --sh--r- c:\windows\system32\501AA94F16.sys
2004-08-04 11:00 . 2004-08-10 18:51 413696 --sh--w- c:\windows\system32\msvcp60.dll
2007-12-04 18:38 . 2004-08-10 18:51 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-04 11:00 . 2004-08-10 18:51 83456 --sh--w- c:\windows\system32\olepro32.dll
2004-08-04 11:00 . 2004-08-10 18:51 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2010-06-28 21:33 668816 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-06-28 21:33 668816 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2010-06-28 21:33 668816 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-19 202256]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Registry Toolkit"="c:\program files\Registry Toolkit\RegToolkit.exe" [2008-07-01 1873200]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2006-08-09 184320]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-24 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"CTHelper"="CTHELPER.EXE" [2008-06-27 19456]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2010-06-28 900240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MySoftware InterCom.lnk - c:\program files\Common Files\MySoftware\intercom.exe [2006-12-28 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2005-12-06 20:47 10848 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-06-28 20:57 2837864 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"nHancer"="c:\program files\nHancer\nHancer.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
"CTSysVol"=c:\program files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
"DLA"=c:\windows\System32\DLA\DLACTRLW.EXE
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WinPatrol"=c:\program files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"e:\\Program Files\\FSFDT\\FWInn\\FWINN.exe"=
"e:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"e:\\Program Files\\FSFDT\\Control Panel\\FSFDTCP.exe"=
"e:\\Program Files\\FSFDT\\FSInn UI VVL\\FSInnUIVVL.exe"=
"c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\MADDOG2006\\MDCP.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"=
"c:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"=
"e:\\Program Files\\Tower Simulator v1\\Tower.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\X-Plane 9 Demo\\X-Plane.exe"=
"c:\\Documents and Settings\\David N. Leh\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\MADDOG2008\\MDCP.exe"=
"c:\\Program Files\\DiskTrix\\DefragExpress\\DefragExpress.exe"=
"g:\\Downloads\\Flight zips\\FSHost\\FSPortTest.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"e:\\Program Files\\Microsoft Games\\fshost\\FSHost32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"55008:TCP"= 55008:TCP:RWATC
"55009:TCP"= 55009:TCP:RWATC
"55010:TCP"= 55010:TCP:RWATC
"6073:TCP"= 6073:TCP:Fshost

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/4/2010 1:31 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/19/2009 8:31 AM 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [9/6/2010 9:35 AM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [9/6/2010 9:35 AM 59664]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/24/2010 6:59 PM 165456]
R1 NGS;Norman General Security Driver;c:\virusfighter\Nvc\Bin\ngs.sys [6/17/2009 11:43 PM 22712]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/19/2009 8:31 AM 229304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/24/2010 6:59 PM 17744]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/19/2009 8:33 AM 112592]
R2 HPM1319RcvFaxSrvc;HP M1319 Receive Fax Service;c:\program files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe [3/27/2008 4:24 PM 348160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355416]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [9/2/2006 2:10 PM 2560]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/19/2009 8:30 AM 358600]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
R3 HP1319EWS;HP1319EWS;c:\windows\system32\drivers\HP1319EWS.sys [2/28/2009 10:36 AM 12800]
R3 HP1319FAX;HP1319MFP FAX;c:\windows\system32\drivers\HP1319FAX.sys [2/28/2009 10:36 AM 13824]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/19/2009 8:31 AM 70408]
R3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2/20/2007 11:00 PM 182528]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [9/6/2010 9:35 AM 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [10/20/2006 8:52 PM 3712]
S1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys --> c:\windows\system32\drivers\oreans32.sys [?]
S2 gupdate1ca3fe3dfb19044;Google Update Service (gupdate1ca3fe3dfb19044);c:\program files\Google\Update\GoogleUpdate.exe [9/27/2009 10:32 PM 133104]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\DAVIDN~1.LEH\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\DAVIDN~1.LEH\LOCALS~1\Temp\ALSysIO.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2/20/2008 10:23 PM 69632]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 8:15 AM 15008]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-08-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-03 00:35]

2010-09-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]

2010-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-06-26 c:\windows\Tasks\DefragExpress.job
- c:\program files\DiskTrix\DefragExpress\DefragExpress.exe [2009-04-28 17:10]

2010-09-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-11 10:21]

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 02:31]

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 02:31]

2010-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2464157562-697926883-618238203-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2464157562-697926883-618238203-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2464157562-697926883-618238203-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2464157562-697926883-618238203-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-08 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-09-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-09-08 c:\windows\Tasks\User_Feed_Synchronization-{C6BF2B74-8D07-41C0-A757-BCF09C6BE98B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = By D&E Jazzd
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\David N. Leh\Application Data\Mozilla\Firefox\Profiles\3uu73kfu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\David N. Leh\Application Data\Mozilla\Firefox\Profiles\3uu73kfu.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-qbrskott - c:\documents and settings\David N. Leh\Local Settings\Application Data\ovvxjjvwt\xhoqcbmshdw.exe
HKLM-Run-enelfilm - c:\documents and settings\David N. Leh\Local Settings\Application Data\wwjwjtwia\xwxmpagshdw.exe
Notify-38f353c3509 - (no file)
AddRemove-links_ls.exe - c:\progra~1\FILESU~1\links_ls.exe\UNWISE.EXE
AddRemove-VisualTool - c:\program files\VisualTool\uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 23:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2464157562-697926883-618238203-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
c:\program files\Spyware Doctor\TFEngine\TFNI.dll
c:\program files\Spyware Doctor\TFEngine\TFMon.dll
c:\program files\Spyware Doctor\TFEngine\TFRK.dll

- - - - - - - > 'lsass.exe'(612)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'explorer.exe'(1628)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Spyware Doctor\TFEngine\TfWah.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ctagent.dll
c:\program files\Google\Google Desktop Search\GoogleDesktopHyper.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\CTHELPER.EXE
c:\windows\system32\rundll32.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Spyware Doctor\TFEngine\TFService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-09-07 23:46:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-08 03:46

Pre-Run: 365,299,855,360 bytes free
Post-Run: 366,660,726,784 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 24F09B0B3B1637F8AF00A7303E2BC4A8
lehbird
Regular Member
 
Posts: 40
Joined: September 5th, 2010, 12:01 am

Re: Being Blocked from Malaware Updates & going onto Malawar

by km2357 » September 8th, 2010, 2:56 pm

I still need to know if you recognize the following program or not:

Special Internet Offers

Also, in your ComboFix Log, I noticed a lot of files in the Find3M Report section from 1997-1999. Do you recognize those files?

Here is a sample of said files:

1998-10-29 04:41 . 2006-12-28 16:26 10584 ----a-w- c:\program files\Techsupp.hlp
1998-07-14 15:24 . 2006-12-28 16:26 363178 ----a-w- c:\program files\MailList.hlp
1998-07-14 13:02 . 2006-12-28 16:26 11790 ----a-w- c:\program files\MailList.cnt
1998-07-07 16:21 . 2006-12-28 16:26 196096 ----a-w- c:\program files\MailList.exe
1998-07-06 19:06 . 2006-12-28 16:26 385 ----a-w- c:\program files\webmain.url
1998-07-06 17:43 . 2006-12-28 16:26 77824 ----a-w- c:\program files\Textdbs.dbs
1998-07-06 17:42 . 2006-12-28 16:26 39424 ----a-w- c:\program files\Native.dbs
1998-07-06 17:24 . 2006-12-28 16:26 37376 ----a-w- c:\program files\AddrCD.rmv
1998-07-02 17:16 . 2006-12-28 16:26 18 ----a-w- c:\program files\bmUpd.ddm
1998-06-26 15:16 . 2006-12-28 16:26 71168 ----a-w- c:\program files\jeteng.dbs
1998-06-26 15:13 . 2006-12-28 16:26 28160 ----a-w- c:\program files\oldmaml.dbs
1998-06-04 12:55 . 2006-12-28 16:26 5442 ----a-w- c:\program files\POSTRATE.TXT
1998-06-04 12:55 . 2006-12-28 16:26 279611 ----a-w- c:\program files\PostTab.txt
1998-06-03 20:15 . 2006-12-28 16:26 12525 ----a-w- c:\program files\Intercom.hlp
1998-06-03 14:41 . 2006-12-28 16:26 17408 ----a-w- c:\program files\oldmald.dbs
1998-05-26 19:50 . 2006-12-28 16:26 361239 ----a-w- c:\program files\maillist.wth
1998-05-26 16:52 . 2006-12-28 16:26 301607 ----a-w- c:\program files\Orderfrm.hlp
1998-05-11 14:22 . 2006-12-28 16:26 516 ----a-w- c:\program files\Orderfrm.cnt
1998-05-04 16:56 . 2006-12-28 16:26 2609 ----a-w- c:\program files\ereginfo.ini
1998-04-27 11:24 . 2006-12-28 16:26 128 ----a-w- c:\program files\EREG.BIN
1998-01-02 19:29 . 2006-12-28 16:26 133 ----a-w- c:\program files\InterCom.cnt
1997-12-01 15:51 . 2006-12-28 16:26 233980 ----a-w- c:\program files\FORMDEF.FDL




Registry Cleaners + "Tweak" Tools

Re. RegCure

Registry Toolkit 1.3.0


I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools

They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though
Stopping services and setting policies can speed up your machine ..... as long as you stop and set the right ones, and even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, and not only can you slow your machine .... you could kill it !

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing and what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.

discussion on regcleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html
And for more good information see what Miekiemoes has to say >> http://miekiemoes.blogspot.com/2008/02/ ... ng_13.html


Step # 1: Deleting Files/Folders

I need you to delete the files/folders I have marked in bold (if found):

c:\program files\LimeWire



Step # 2 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u21.
  • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Remove the following old versions of Java:
      • Java 2 Runtime Environment, SE v1.4.2_03
      • J2SE Runtime Environment 5.0 Update 6
      • Java(TM) 6 Update 13
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • From your desktop double-click on the download to install the newest version.


Step # 2: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Step # 3 Run Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware.
  • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
  • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
  • Click on the Malwarebytes' Anti-Malware icon to launch the program.
  • Click on the Logs tab.
  • Click on the log at the bottom of those listed to highlight it.
  • Click Open.


In your next post/reply, I need to see the following:

1. Answers to my questions about Special Internet Offers and the files from 1997-1999.
2. MalwareBytes' Log
3. A fresh DDS Log
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California
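
An added example, not part of the original post or of any tool mentioned in it: after the Java step above, a DDS-style log can be checked for leftover runtimes older than the requested 6u21. The sample lines are constructed in the page's log format, the function names are hypothetical, and the mapping of `{CAFEEFAC-...}` plug-in CLSIDs to version numbers is an assumed convention.

```python
import re

# Baseline the helper asked for in the Java step: JRE 6u21, i.e. 1.6.0_21.
BASELINE = (1, 6, 0, 21)

# Three places a DDS-style log exposes a Java version. Each pattern captures
# (major, minor, patch, update) so results compare as plain integer tuples.
PATTERNS = [
    ("BrowserJavaVersion",
     re.compile(r"BrowserJavaVersion:\s*(\d+)\.(\d+)\.(\d+)_(\d+)")),
    # Versioned install directory. A bare "jre6" directory carries no update
    # number, so it is deliberately not judged here.
    ("process path",
     re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)),
    # Assumed convention: {CAFEEFAC-00Mm-pppp-uuuu-ABCDEFFEDCBA} = M.m.p_uu.
    # The all-F "latest version" CLSID contains no digits and is skipped.
    ("plug-in CLSID",
     re.compile(r"\{CAFEEFAC-00(\d)(\d)-(\d{4})-(\d{4})-ABCDEFFEDCBA\}",
                re.IGNORECASE)),
]

# Constructed sample in the format of the logs on this page (not a real log).
SAMPLE_LOG = r"""Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://example.invalid/a.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://example.invalid/b.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://example.invalid/c.cab
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}"""


def format_version(version):
    """Render (1, 5, 0, 6) as '1.5.0_06', the form used in the logs."""
    major, minor, patch, update = version
    return f"{major}.{minor}.{patch}_{update:02d}"


def find_java_versions(log_text):
    """Map each Java version seen in the log to [(line number, evidence kind)]."""
    found = {}
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            for match in pattern.finditer(line):
                version = tuple(int(group) for group in match.groups())
                found.setdefault(version, []).append((lineno, kind))
    return found


def outdated_java(log_text, baseline=BASELINE):
    """Return [(version string, evidence)] for versions older than baseline."""
    found = find_java_versions(log_text)
    return [(format_version(v), found[v]) for v in sorted(found) if v < baseline]


if __name__ == "__main__":
    for version, evidence in outdated_java(SAMPLE_LOG):
        where = ", ".join(f"line {n} ({kind})" for n, kind in evidence)
        print(f"Java {version} is older than {format_version(BASELINE)}: {where}")
```
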

Re: Being Blocked from Malaware Updates & going onto Malawar

by lehbird » September 8th, 2010, 10:59 pm

Ok, as far as your questions:

1. Special Internet Offers- Have no clue what it was, I uninstalled it.
2. I recognize some of the file names. "Maillist" is a mail list program I use. Don't know what a lot of the other files are.
3. I deleted C:\program files\limewire

As far as Java:

Java 2 Runtime Environment, SE v1.4.2_03 -DELETED

J2SE Runtime Environment 5.0 Update 6 - Could not delete. It said "The feature you are trying to remove is on a network Resource which is unavailable." It gave me a pop up box for me to search for the .msi file it was looking for but I searched my drives and could not find it. I was unable to uninstall this.

Java(TM) 6 Update 13- DELETED

I did go ahead and install the latest version of Java which you suggested.

Here are my new logs. Thanks !

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4577

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

9/8/2010 10:41:25 PM
mbam-log-2010-09-08 (22-41-25).txt

Scan type: Quick scan
Objects scanned: 164266
Time elapsed: 15 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



DDS (Ver_10-03-17.01) - NTFSx86
Run by David N. Leh at 22:43:44.90 on Wed 09/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.985 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\MySoftware\intercom.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\David N. Leh\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = By D&E Jazzd
uInternet Settings,ProxyOverride = <local>
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\ycomp5_6_0_1.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Registry Toolkit] c:\program files\registry toolkit\RegToolkit.exe /scan
mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Profiler] c:\program files\saitek\software\ProfilerU.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [CTHelper] CTHELPER.EXE
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mysoft~1.lnk - c:\program files\common files\mysoftware\intercom.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: musicmatch.com\online
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... wmavax.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davidn~1.leh\applic~1\mozilla\firefox\profiles\3uu73kfu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\david n. leh\application data\mozilla\firefox\profiles\3uu73kfu.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-4 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-19 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-9-6 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-9-6 59664]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-24 165584]
R1 NGS;Norman General Security Driver;c:\virusfighter\nvc\bin\ngs.sys [2009-6-17 22712]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-19 229304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-24 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-23 40384]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-11-19 112592]
R2 HPM1319RcvFaxSrvc;HP M1319 Receive Fax Service;c:\program files\hp\hp laserjet m1319 mfp series\ReceiveFaxUtility.exe [2008-3-27 348160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2006-9-2 2560]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-19 358600]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-11-19 1141200]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-23 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-23 40384]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
R3 HP1319EWS;HP1319EWS;c:\windows\system32\drivers\HP1319EWS.sys [2009-2-28 12800]
R3 HP1319FAX;HP1319MFP FAX;c:\windows\system32\drivers\HP1319FAX.sys [2009-2-28 13824]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-18 38224]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-11-19 70408]
R3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2007-2-20 182528]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-9-6 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2006-10-20 3712]
S1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys --> c:\windows\system32\drivers\oreans32.sys [?]
S2 gupdate1ca3fe3dfb19044;Google Update Service (gupdate1ca3fe3dfb19044);c:\program files\google\update\GoogleUpdate.exe [2009-9-27 133104]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\davidn~1.leh\locals~1\temp\alsysio.sys --> c:\docume~1\davidn~1.leh\locals~1\temp\ALSysIO.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\common files\just flight limited shared\service\JustFlightLimitedLicSvc.exe [2008-2-20 69632]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]

=============== Created Last 30 ================

2010-09-09 02:09:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 02:09:54 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 02:47:46 0 d-sha-r- C:\cmdcons
2010-09-08 02:39:08 98816 ----a-w- c:\windows\sed.exe
2010-09-08 02:39:08 77312 ----a-w- c:\windows\MBR.exe
2010-09-08 02:39:08 256512 ----a-w- c:\windows\PEV.exe
2010-09-08 02:39:08 161792 ----a-w- c:\windows\SWREG.exe
2010-09-06 13:35:23 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-09-06 13:35:23 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-09-06 13:35:23 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-09-04 17:31:22 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-04 17:30:08 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-03 22:42:05 4532 ----a-w- C:\nodesktop.reg
2010-09-03 22:42:05 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs
2010-09-03 22:42:05 114 ----a-w- C:\shellfix.reg
2010-08-28 19:37:40 0 d-----w- C:\spoolerlogs

==================== Find3M ====================

2010-09-09 02:00:03 3681 ----a-w- c:\windows\system32\mmf.sys
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-08-23 17:25:32 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-12-17 00:33:20 147 ----a-w- c:\program files\RedStat.sts
2008-12-17 00:29:44 406 ----a-w- c:\program files\MailList.dmn
2006-12-28 16:28:43 0 ----a-w- c:\program files\HPSW.CKI
2006-12-28 16:27:26 41 ----a-w- c:\program files\eregreg.ini
1999-01-06 05:09:56 4039699 ----a-w- c:\program files\MailList.pdf
1998-10-29 04:41:34 10584 ----a-w- c:\program files\Techsupp.hlp
1998-07-14 15:24:12 363178 ----a-w- c:\program files\MailList.hlp
1998-07-14 13:02:42 11790 ----a-w- c:\program files\MailList.cnt
1998-07-07 16:21:54 196096 ----a-w- c:\program files\MailList.exe
1998-07-06 19:06:16 385 ----a-w- c:\program files\webmain.url
1998-07-06 17:43:38 77824 ----a-w- c:\program files\Textdbs.dbs
1998-07-06 17:42:48 39424 ----a-w- c:\program files\Native.dbs
1998-07-06 17:24:54 37376 ----a-w- c:\program files\AddrCD.rmv
1998-07-02 17:16:52 18 ----a-w- c:\program files\bmUpd.ddm
1998-06-26 15:16:12 71168 ----a-w- c:\program files\jeteng.dbs
1998-06-26 15:13:36 28160 ----a-w- c:\program files\oldmaml.dbs
1998-06-04 12:55:40 5442 ----a-w- c:\program files\POSTRATE.TXT
1998-06-04 12:55:40 279611 ----a-w- c:\program files\PostTab.txt
1998-06-03 20:15:00 12525 ----a-w- c:\program files\Intercom.hlp
1998-06-03 14:41:30 17408 ----a-w- c:\program files\oldmald.dbs
1998-05-26 19:50:42 361239 ----a-w- c:\program files\maillist.wth
1998-05-26 16:52:48 301607 ----a-w- c:\program files\Orderfrm.hlp
1998-05-11 14:22:56 516 ----a-w- c:\program files\Orderfrm.cnt
1998-05-04 16:56:08 2609 ----a-w- c:\program files\ereginfo.ini
1998-04-27 11:24:18 128 ----a-w- c:\program files\EREG.BIN
1998-01-02 19:29:56 133 ----a-w- c:\program files\InterCom.cnt
1997-12-01 15:51:34 233980 ----a-w- c:\program files\FORMDEF.FDL
1997-12-01 15:51:34 231248 ----a-w- c:\program files\FORMOPS.FDL
1997-12-01 15:51:34 181616 ----a-w- c:\program files\FORMMETA.FDL
1997-11-21 13:32:56 66034 ----a-w- c:\program files\Hotels.mml
1997-11-21 13:32:56 264192 ----a-w- c:\program files\Hotelsmml.bcf
1997-11-21 13:32:56 2144 ----a-w- c:\program files\Hotelsmml.fsif
1997-11-21 13:32:56 1568 ----a-w- c:\program files\Hotelsmml.msif
1997-11-21 13:32:38 6344 ----a-w- c:\program files\Airlinesmml.fsif
1997-11-21 13:32:38 4568 ----a-w- c:\program files\Airlinesmml.msif
1997-11-21 13:32:38 262656 ----a-w- c:\program files\Airlinesmml.bcf
1997-11-21 13:32:38 201934 ----a-w- c:\program files\Airlines.mml
1997-11-21 13:32:22 45196 ----a-w- c:\program files\Car Rentals.mml
1997-11-21 13:32:22 264192 ----a-w- c:\program files\Car Rentalsmml.bcf
1997-11-21 13:32:20 1500 ----a-w- c:\program files\Car Rentalsmml.fsif
1997-11-21 13:32:20 1108 ----a-w- c:\program files\Car Rentalsmml.msif
1997-08-22 22:03:40 0 ----a-w- c:\program files\maillist.sup
2007-12-23 05:08:50 61 --sh--w- c:\windows\cnerolf.bin
2006-04-01 01:40:12 61 --sh--w- c:\windows\cnerolf.dat
2004-08-04 11:00:00 94784 --sh--w- c:\windows\twain.dll
2004-08-04 11:00:00 50688 --sh--w- c:\windows\twain_32.dll
2009-06-07 13:43:54 152 --sh--r- c:\windows\system32\501AA94F16.sys
2004-08-04 11:00:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2007-12-04 18:38:13 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-04 11:00:00 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 22:47:02.50 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume3
Install Date: 3/25/2006 12:00:37 AM
System Uptime: 9/8/2010 9:59:08 PM (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | G31MX-S2
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2333/333mhz
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2333/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 463 GiB total, 341.2 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 149 GiB total, 50.267 GiB free.
G: is FIXED (FAT32) - 466 GiB total, 389.883 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1482: 11/21/2009 11:46:25 AM - Installed Globe Cargo PIREP
RP1483: 11/21/2009 12:19:47 PM - Installed PMDG744X_GE_QF2
RP1484: 11/22/2009 3:00:11 AM - Software Distribution Service 3.0
RP1485: 11/23/2009 3:00:15 AM - Software Distribution Service 3.0
RP1486: 11/24/2009 3:00:15 AM - Software Distribution Service 3.0
RP1487: 11/25/2009 3:00:16 AM - Software Distribution Service 3.0
RP1488: 11/25/2009 3:04:09 AM - Installed Windows XP KB973687.
RP1489: 11/25/2009 3:04:27 AM - Installed Windows XP KB976098-v2.
RP1490: 11/25/2009 9:26:21 AM - Software Distribution Service 3.0
RP1491: 11/26/2009 3:00:11 AM - Software Distribution Service 3.0
RP1492: 11/26/2009 6:02:37 AM - Software Distribution Service 3.0
RP1493: 11/28/2009 10:48:13 PM - Software Distribution Service 3.0
RP1494: 11/29/2009 3:00:16 AM - Software Distribution Service 3.0
RP1495: 11/30/2009 3:00:15 AM - Software Distribution Service 3.0
RP1496: 11/30/2009 10:25:42 PM - Installed MLB 2K9
RP1497: 11/30/2009 10:40:42 PM - Installed DirectX
RP1498: 12/1/2009 3:00:11 AM - Software Distribution Service 3.0
RP1499: 12/2/2009 3:01:23 AM - Software Distribution Service 3.0
RP1500: 12/3/2009 3:00:14 AM - Software Distribution Service 3.0
RP1501: 12/4/2009 3:00:15 AM - Software Distribution Service 3.0
RP1502: 12/5/2009 3:00:15 AM - Software Distribution Service 3.0
RP1503: 12/5/2009 12:32:51 PM - Software Distribution Service 3.0
RP1504: 12/5/2009 12:34:23 PM - Software Distribution Service 3.0
RP1505: 12/6/2009 1:04:07 PM - System Checkpoint
RP1506: 12/6/2009 6:12:25 PM - Software Distribution Service 3.0
RP1507: 12/7/2009 11:51:17 PM - System Checkpoint
RP1508: 12/9/2009 12:49:54 AM - System Checkpoint
RP1509: 12/10/2009 1:49:54 AM - System Checkpoint
RP1510: 12/11/2009 2:49:58 AM - System Checkpoint
RP1511: 12/12/2009 3:49:58 AM - System Checkpoint
RP1512: 12/13/2009 3:56:49 AM - System Checkpoint
RP1513: 12/14/2009 4:56:49 AM - System Checkpoint
RP1514: 12/15/2009 5:56:45 AM - System Checkpoint
RP1515: 12/16/2009 6:56:45 AM - System Checkpoint
RP1516: 12/17/2009 6:56:45 AM - System Checkpoint
RP1517: 12/18/2009 7:08:45 AM - System Checkpoint
RP1518: 12/19/2009 9:11:19 AM - System Checkpoint
RP1519: 12/20/2009 9:38:07 AM - System Checkpoint
RP1520: 12/21/2009 9:50:02 AM - System Checkpoint
RP1521: 12/22/2009 10:38:07 AM - System Checkpoint
RP1522: 12/23/2009 11:38:03 AM - System Checkpoint
RP1523: 12/24/2009 12:38:02 PM - System Checkpoint
RP1524: 12/25/2009 12:38:02 PM - System Checkpoint
RP1525: 12/27/2009 1:25:36 AM - System Checkpoint
RP1526: 12/28/2009 1:32:22 AM - System Checkpoint
RP1527: 12/29/2009 1:44:22 AM - System Checkpoint
RP1528: 12/30/2009 12:35:57 AM - Installed PMDG744X_RR_BA
RP1529: 12/31/2009 1:59:24 AM - System Checkpoint
RP1530: 1/1/2010 2:19:28 AM - System Checkpoint
RP1531: 1/2/2010 3:18:40 AM - System Checkpoint
RP1532: 1/3/2010 3:19:59 AM - System Checkpoint
RP1533: 1/3/2010 10:34:22 AM - Installed VAFS
RP1534: 1/4/2010 11:42:01 PM - System Checkpoint
RP1535: 1/6/2010 12:27:55 AM - System Checkpoint
RP1536: 1/7/2010 1:27:46 AM - System Checkpoint
RP1537: 1/8/2010 2:27:45 AM - System Checkpoint
RP1538: 1/9/2010 3:27:41 AM - System Checkpoint
RP1539: 1/10/2010 4:03:52 AM - System Checkpoint
RP1540: 1/11/2010 4:03:56 AM - System Checkpoint
RP1541: 1/12/2010 4:04:52 AM - System Checkpoint
RP1542: 1/13/2010 4:04:52 AM - System Checkpoint
RP1543: 1/14/2010 4:04:52 AM - System Checkpoint
RP1544: 1/15/2010 4:43:58 AM - System Checkpoint
RP1545: 1/16/2010 4:43:58 AM - System Checkpoint
RP1546: 1/16/2010 11:40:08 AM - Printer Driver HP LaserJet M1319f FAX Installed
RP1547: 1/17/2010 11:43:58 AM - System Checkpoint
RP1548: 1/18/2010 11:43:58 AM - System Checkpoint
RP1549: 1/19/2010 12:43:58 PM - System Checkpoint
RP1550: 1/20/2010 12:55:58 PM - System Checkpoint
RP1551: 1/21/2010 1:43:58 PM - System Checkpoint
RP1552: 1/22/2010 2:44:03 PM - System Checkpoint
RP1553: 1/22/2010 11:44:59 PM - Airport Chart wird installiert
RP1554: 1/23/2010 3:14:29 PM - Installed MozyHome Remote Backup
RP1555: 1/24/2010 4:00:17 PM - System Checkpoint
RP1556: 1/25/2010 6:36:31 PM - System Checkpoint
RP1557: 1/26/2010 7:28:52 PM - System Checkpoint
RP1558: 1/27/2010 8:16:57 PM - System Checkpoint
RP1559: 1/28/2010 9:16:57 PM - System Checkpoint
RP1560: 1/30/2010 7:36:49 AM - System Checkpoint
RP1561: 1/31/2010 7:45:17 AM - System Checkpoint
RP1562: 2/1/2010 8:19:18 AM - System Checkpoint
RP1563: 2/2/2010 8:58:56 AM - System Checkpoint
RP1564: 2/3/2010 9:58:51 AM - System Checkpoint
RP1565: 2/3/2010 10:27:04 PM - Installed PMDG BAe JS4100
RP1566: 2/3/2010 10:33:45 PM - Removed PMDG BAe JS4100
RP1567: 2/3/2010 10:35:38 PM - Installed PMDG BAe JS4100
RP1568: 2/4/2010 11:43:16 PM - System Checkpoint
RP1569: 2/5/2010 8:22:10 PM - Installed PMDG_BAe_JS4100_N401TJ
RP1570: 2/5/2010 8:34:06 PM - Removed PMDG BAe JS4100
RP1571: 2/5/2010 8:40:43 PM - Installed PMDG BAe JS4100
RP1572: 2/5/2010 9:58:32 PM - Registry Toolkit Restore Point
RP1573: 2/7/2010 12:33:25 AM - System Checkpoint
RP1574: 2/8/2010 12:52:41 AM - System Checkpoint
RP1575: 2/9/2010 1:04:37 AM - System Checkpoint
RP1576: 2/10/2010 1:20:39 AM - System Checkpoint
RP1577: 2/11/2010 1:57:12 AM - System Checkpoint
RP1578: 2/12/2010 2:57:12 AM - System Checkpoint
RP1579: 2/13/2010 2:57:12 AM - System Checkpoint
RP1580: 2/14/2010 3:09:12 AM - System Checkpoint
RP1581: 2/15/2010 3:50:13 AM - System Checkpoint
RP1582: 2/16/2010 4:50:13 AM - System Checkpoint
RP1583: 2/17/2010 5:06:42 AM - System Checkpoint
RP1584: 2/18/2010 5:18:42 AM - System Checkpoint
RP1585: 2/19/2010 5:22:14 AM - System Checkpoint
RP1586: 2/20/2010 6:22:18 AM - System Checkpoint
RP1587: 2/21/2010 7:12:17 AM - System Checkpoint
RP1588: 2/22/2010 8:00:13 AM - System Checkpoint
RP1589: 2/23/2010 9:00:13 AM - System Checkpoint
RP1590: 2/24/2010 9:04:57 AM - System Checkpoint
RP1591: 2/25/2010 9:19:22 AM - System Checkpoint
RP1592: 2/26/2010 10:19:26 AM - System Checkpoint
RP1593: 2/27/2010 11:24:38 AM - System Checkpoint
RP1594: 2/28/2010 12:19:22 PM - System Checkpoint
RP1595: 2/28/2010 1:46:56 PM - Registry Toolkit Restore Point
RP1596: 3/1/2010 2:40:05 PM - System Checkpoint
RP1597: 3/2/2010 3:01:22 PM - System Checkpoint
RP1598: 3/3/2010 3:01:22 PM - System Checkpoint
RP1599: 3/4/2010 4:01:26 PM - System Checkpoint
RP1600: 3/5/2010 5:01:22 PM - System Checkpoint
RP1601: 3/6/2010 5:06:33 PM - System Checkpoint
RP1602: 3/7/2010 5:06:35 PM - System Checkpoint
RP1603: 3/8/2010 5:27:43 PM - System Checkpoint
RP1604: 3/9/2010 6:41:51 PM - System Checkpoint
RP1605: 3/10/2010 7:43:24 PM - System Checkpoint
RP1606: 3/11/2010 8:23:16 PM - System Checkpoint
RP1607: 3/11/2010 9:47:39 PM - Installed PVACARS
RP1608: 3/12/2010 10:23:16 PM - System Checkpoint
RP1609: 3/14/2010 1:50:52 AM - System Checkpoint
RP1610: 3/15/2010 2:11:19 AM - System Checkpoint
RP1611: 3/15/2010 11:05:40 PM - Removed FSacars
RP1612: 3/15/2010 11:06:12 PM - Installed FSacars
RP1613: 3/17/2010 12:23:33 AM - System Checkpoint
RP1614: 3/18/2010 1:11:19 AM - System Checkpoint
RP1615: 3/19/2010 1:58:17 AM - System Checkpoint
RP1616: 3/20/2010 1:58:21 AM - System Checkpoint
RP1617: 3/21/2010 2:12:48 AM - System Checkpoint
RP1618: 3/22/2010 2:58:22 AM - System Checkpoint
RP1619: 3/23/2010 3:43:11 AM - System Checkpoint
RP1620: 3/24/2010 4:43:11 AM - System Checkpoint
RP1621: 3/25/2010 4:43:11 AM - System Checkpoint
RP1622: 3/26/2010 4:44:32 AM - System Checkpoint
RP1623: 3/27/2010 5:20:21 AM - System Checkpoint
RP1624: 3/28/2010 5:32:21 AM - System Checkpoint
RP1625: 3/29/2010 6:20:21 AM - System Checkpoint
RP1626: 3/30/2010 7:20:21 AM - System Checkpoint
RP1627: 3/31/2010 8:19:43 AM - System Checkpoint
RP1628: 4/1/2010 8:19:47 AM - System Checkpoint
RP1629: 4/2/2010 8:20:33 AM - System Checkpoint
RP1630: 4/3/2010 8:45:11 AM - System Checkpoint
RP1631: 4/3/2010 10:12:05 AM - Removed PVACARS
RP1632: 4/3/2010 10:12:45 AM - Installed PVACARS
RP1633: 4/4/2010 10:57:15 AM - System Checkpoint
RP1634: 4/5/2010 11:21:12 AM - System Checkpoint
RP1635: 4/5/2010 10:02:01 PM - VAFINANCIALS 4.0.1.26 Install O
RP1636: 4/5/2010 10:02:48 PM - VAFINANCIALS 4.0.1.26 Install O
RP1637: 4/6/2010 11:32:30 PM - System Checkpoint
RP1638: 4/8/2010 12:37:21 AM - System Checkpoint
RP1639: 4/9/2010 1:03:50 AM - System Checkpoint
RP1640: 4/10/2010 1:07:07 AM - System Checkpoint
RP1641: 4/11/2010 2:03:54 AM - System Checkpoint
RP1642: 4/12/2010 2:04:56 AM - System Checkpoint
RP1643: 4/15/2010 12:20:03 AM - System Checkpoint
RP1644: 4/16/2010 1:14:07 AM - System Checkpoint
RP1645: 4/17/2010 1:38:43 AM - System Checkpoint
RP1646: 4/23/2010 8:27:23 PM - System Checkpoint
RP1647: 4/23/2010 10:34:11 PM - avast! Free Antivirus Setup
RP1648: 4/24/2010 11:20:59 PM - System Checkpoint
RP1649: 4/26/2010 7:02:28 PM - System Checkpoint
RP1650: 4/27/2010 7:16:08 PM - System Checkpoint
RP1651: 4/28/2010 8:12:36 PM - System Checkpoint
RP1652: 4/29/2010 8:30:15 PM - System Checkpoint
RP1653: 4/29/2010 10:17:29 PM - Removed PVACARS
RP1654: 4/29/2010 10:19:23 PM - Installed PVACARS
RP1655: 5/1/2010 12:52:10 AM - System Checkpoint
RP1656: 5/2/2010 1:20:50 AM - System Checkpoint
RP1657: 5/3/2010 2:17:07 AM - System Checkpoint
RP1658: 5/4/2010 2:31:25 AM - System Checkpoint
RP1659: 5/5/2010 3:31:21 AM - System Checkpoint
RP1660: 5/6/2010 4:31:21 AM - System Checkpoint
RP1661: 5/7/2010 4:57:04 AM - System Checkpoint
RP1662: 5/8/2010 4:57:20 AM - System Checkpoint
RP1663: 5/9/2010 5:46:49 AM - System Checkpoint
RP1664: 5/10/2010 6:46:49 AM - System Checkpoint
RP1665: 5/11/2010 7:38:08 AM - System Checkpoint
RP1666: 5/12/2010 8:34:49 AM - System Checkpoint
RP1667: 5/13/2010 9:34:49 AM - System Checkpoint
RP1668: 5/14/2010 10:34:49 AM - System Checkpoint
RP1669: 5/15/2010 11:34:53 AM - System Checkpoint
RP1670: 5/16/2010 11:37:15 AM - System Checkpoint
RP1671: 5/17/2010 12:37:05 PM - System Checkpoint
RP1672: 5/18/2010 12:49:05 PM - System Checkpoint
RP1673: 5/19/2010 12:49:09 PM - System Checkpoint
RP1674: 5/20/2010 1:37:05 PM - System Checkpoint
RP1675: 5/21/2010 1:48:24 PM - System Checkpoint
RP1676: 5/22/2010 2:48:29 PM - System Checkpoint
RP1677: 5/23/2010 10:56:41 AM - Installed MozyHome
RP1678: 5/24/2010 11:46:42 AM - System Checkpoint
RP1679: 5/25/2010 12:46:46 PM - System Checkpoint
RP1680: 5/26/2010 1:46:46 PM - System Checkpoint
RP1681: 5/27/2010 2:46:42 PM - System Checkpoint
RP1682: 5/28/2010 3:12:24 PM - System Checkpoint
RP1683: 5/29/2010 3:12:28 PM - System Checkpoint
RP1684: 5/30/2010 3:35:23 PM - System Checkpoint
RP1685: 5/31/2010 3:36:29 PM - System Checkpoint
RP1686: 6/1/2010 3:47:20 PM - System Checkpoint
RP1687: 6/2/2010 4:35:24 PM - System Checkpoint
RP1688: 6/3/2010 5:35:24 PM - System Checkpoint
RP1689: 6/4/2010 5:59:19 PM - System Checkpoint
RP1690: 6/6/2010 12:48:58 AM - System Checkpoint
RP1691: 6/6/2010 9:33:16 AM - Removed MozyHome
RP1692: 6/6/2010 9:35:05 AM - Installed MozyHome Remote Backup
RP1693: 6/6/2010 12:24:49 PM - Installed MozyHome Remote Backup
RP1694: 6/6/2010 12:26:52 PM - Installed MozyHome Remote Backup
RP1695: 6/6/2010 12:28:51 PM - Installed MozyHome Remote Backup
RP1696: 6/6/2010 12:30:57 PM - Installed MozyHome
RP1697: 6/7/2010 1:02:22 PM - System Checkpoint
RP1698: 6/8/2010 2:02:22 PM - System Checkpoint
RP1699: 6/9/2010 2:02:22 PM - System Checkpoint
RP1700: 6/10/2010 2:35:55 PM - System Checkpoint
RP1701: 6/11/2010 3:35:55 PM - System Checkpoint
RP1702: 6/12/2010 3:35:55 PM - System Checkpoint
RP1703: 6/13/2010 12:12:22 PM - Installed MozyHome
RP1704: 6/14/2010 12:35:55 PM - System Checkpoint
RP1705: 6/14/2010 8:05:38 PM - Removed PVACARS
RP1706: 6/14/2010 8:08:14 PM - Installed PVACARS
RP1707: 6/15/2010 8:53:00 PM - System Checkpoint
RP1708: 6/16/2010 9:53:00 PM - System Checkpoint
RP1709: 6/17/2010 11:52:45 PM - System Checkpoint
RP1710: 6/21/2010 6:55:14 PM - System Checkpoint
RP1711: 6/21/2010 10:08:14 PM - Removed PVACARS
RP1712: 6/21/2010 10:09:20 PM - Installed PVACARS
RP1713: 6/22/2010 11:49:29 PM - System Checkpoint
RP1714: 6/23/2010 11:51:07 PM - System Checkpoint
RP1715: 6/24/2010 11:51:45 PM - System Checkpoint
RP1716: 6/26/2010 12:36:22 AM - System Checkpoint
RP1717: 6/27/2010 1:06:40 AM - System Checkpoint
RP1718: 6/28/2010 1:59:49 AM - System Checkpoint
RP1719: 6/29/2010 2:59:48 AM - System Checkpoint
RP1720: 6/30/2010 3:59:48 AM - System Checkpoint
RP1721: 7/1/2010 4:00:04 AM - System Checkpoint
RP1722: 7/2/2010 5:00:05 AM - System Checkpoint
RP1723: 7/3/2010 6:00:04 AM - System Checkpoint
RP1724: 7/4/2010 6:12:35 AM - System Checkpoint
RP1725: 7/5/2010 11:59:28 AM - System Checkpoint
RP1726: 7/6/2010 11:01:56 PM - System Checkpoint
RP1727: 7/7/2010 11:36:51 PM - System Checkpoint
RP1728: 7/8/2010 11:37:10 PM - System Checkpoint
RP1729: 7/10/2010 12:37:10 AM - System Checkpoint
RP1730: 7/11/2010 12:37:11 AM - System Checkpoint
RP1731: 7/12/2010 1:37:11 AM - System Checkpoint
RP1732: 7/13/2010 1:37:52 AM - System Checkpoint
RP1733: 7/14/2010 2:29:27 AM - System Checkpoint
RP1734: 7/15/2010 2:52:42 AM - System Checkpoint
RP1735: 7/16/2010 3:04:42 AM - System Checkpoint
RP1736: 7/17/2010 3:20:22 AM - System Checkpoint
RP1737: 7/18/2010 4:20:26 AM - System Checkpoint
RP1738: 7/19/2010 7:51:25 AM - System Checkpoint
RP1739: 7/20/2010 8:55:28 AM - System Checkpoint
RP1740: 7/21/2010 9:31:42 AM - System Checkpoint
RP1741: 7/23/2010 8:17:15 PM - System Checkpoint
RP1742: 7/24/2010 8:48:12 PM - System Checkpoint
RP1743: 7/25/2010 8:49:17 PM - System Checkpoint
RP1744: 7/26/2010 9:02:09 PM - System Checkpoint
RP1745: 7/27/2010 10:02:09 PM - System Checkpoint
RP1746: 7/28/2010 10:14:09 PM - System Checkpoint
RP1747: 7/29/2010 10:17:57 PM - System Checkpoint
RP1748: 7/30/2010 10:38:49 PM - System Checkpoint
RP1749: 7/31/2010 11:48:21 PM - System Checkpoint
RP1750: 8/2/2010 12:24:07 AM - System Checkpoint
RP1751: 8/3/2010 1:36:03 AM - System Checkpoint
RP1752: 8/6/2010 1:23:02 AM - System Checkpoint
RP1753: 8/6/2010 10:32:22 PM - Installed PVACARS
RP1754: 8/7/2010 11:23:50 PM - System Checkpoint
RP1755: 8/8/2010 11:46:13 PM - System Checkpoint
RP1756: 8/9/2010 6:31:08 PM - Installed Douglas DC-4 for FSX or FS2004
RP1757: 8/11/2010 12:49:31 AM - System Checkpoint
RP1758: 8/12/2010 1:46:13 AM - System Checkpoint
RP1759: 8/13/2010 2:46:13 AM - System Checkpoint
RP1760: 8/13/2010 10:53:06 PM - Installed BFL Acars
RP1761: 8/14/2010 11:43:06 PM - System Checkpoint
RP1762: 8/15/2010 11:46:34 PM - System Checkpoint
RP1763: 8/17/2010 8:54:09 AM - System Checkpoint
RP1764: 8/23/2010 12:42:59 PM - System Checkpoint
RP1765: 8/24/2010 1:09:43 PM - System Checkpoint
RP1766: 8/25/2010 2:09:43 PM - System Checkpoint
RP1767: 8/26/2010 2:21:43 PM - System Checkpoint
RP1768: 8/27/2010 3:08:18 PM - System Checkpoint
RP1769: 8/28/2010 3:09:43 PM - System Checkpoint
RP1770: 8/29/2010 2:05:07 PM - Installed PVACARS
RP1771: 8/30/2010 2:58:35 PM - System Checkpoint
RP1772: 8/31/2010 3:47:36 PM - System Checkpoint
RP1773: 9/1/2010 4:46:35 PM - System Checkpoint
RP1774: 9/3/2010 9:32:17 PM - System Checkpoint
RP1775: 9/4/2010 10:28:05 PM - System Checkpoint
RP1776: 9/5/2010 11:52:29 PM - System Checkpoint
RP1777: 9/6/2010 9:45:08 AM - Spyware Doctor: Cleaning Threats
RP1778: 9/7/2010 9:48:58 AM - System Checkpoint
RP1779: 9/7/2010 9:54:12 PM - Removed Ask Toolbar.
RP1780: 9/8/2010 9:17:45 PM - Spyware Doctor: Cleaning Threats
RP1781: 9/8/2010 9:31:46 PM - Removed Java(TM) 6 Update 11
RP1782: 9/8/2010 9:39:42 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP1783: 9/8/2010 10:08:31 PM - Installed Java(TM) 6 Update 21

==== Installed Programs ======================


Flight One Software Meridian 2004
727-100 Base Pack 2.3
727-200 Expansion Model Upgrade 2.4
727 Freighter Expansion Model 2.3
737 Pilot in Command
737 Pilot in Command (FSX)
757-200 Captain (Base)
AAV Digital Flight Recorder
Abexo Free Registry Cleaner
Active AirSource v3.27
Active Camera 2004 2.1 for FS 2004 (updated to 9.1)
Active Camera 2004 version 2.1 for FS 9.0
ActiveSky v6.5
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
Advanced SystemCare 3
Aerosoft's - DHC-6 Twin Otter X
AFX Demo
Airbus Series Vol.1 (FS X)
Airbus Series Vol.1 (FS2004)
Airport Chart
Airport Design Editor Version 1.37.5.0 (Patched from 1.20)
American Flight Airways CRJ-200LR
American Flight Airways Dash 8 for FSX
American Flight Airways Embraer ERJ-170 for FSX
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOLIcon
Apple Mobile Device Support
Apple Software Update
AtlanticSunACARS V2.0.5
avast! Free Antivirus
AVS Update Manager 1.0
AVS Video Editor 4
AVS Video Recorder 2.4
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.3
Baseball Mogul 2009 DEMO
Bellanca Viking Collection Build 4.1
BFL Acars
BirdsEyeView
Boeing B737NG Deluxe
Bonjour
Browser Defender 2.0.6.15
C-130 X-perience Pro Pack 1.3
Carbonite
Carenado Mooney M20J FSX
Carenado PA34 200T SENECA II FSX
CargoPilot (Shared Components)
CCScore
Choice Guard
Citation X (FS2004)
Citation X (FSX)
CLOUD9 Washington 1.01
CLS 3 Airbus Pack FSX
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Coupon Printer for Windows
Creative Audio Console
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard Tools
DefragExpress! V1.49
DeHavilland Dash-8-300 2.004.01
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Delta Virtual Airlines 737NG (FSX)
Delta Virtual Airlines ACARS
Delta Virtual Airlines ACARS (beta) 2.1
Delta Virtual Airlines ACARS 2.2
DH Driver Cleaner Professional Edition
Digital Content Portal
Digital Line Detect
Diskeeper 2007 Home
DivX Player
DivX Web Player
Douglas DC-4 for FSX or FS2004
Drivers Install For Linksys Easylink Advisor
EA SPORTS online 2004
EducateU
ELIcon
EndItAll 2.0
Error Expert 1.5
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
FaxSendInstaller
FaxSetupInstaller
FeelThere PIC ERJ-145LR 1.2.6
FeelThere PIC ERJ-145LR for FSX 1.2.6
Flight 1 Software Cessna 441 - Conquest II 2.1
Flight 1 Software Cessna 441fsx - Conquest II 2.3
Flight One ATR 72-500
Flight One Software Pilatus PC-12 fsx
Flight One Text-o-Matic
Flight1 Downloader
FlightSim Commander
FLV Player 1.3.3
Fly the MADDOG 2006
Fly the MADDOG 2006 liveries
Fly the MADDOG 2008
FriendlyPanels FMC Pack1 for FSX & FS9
FS Economy client for FSX
FS Flight Keeper
FS FlightTracker
FSacars
FSAutoStart
FSBuild 2.3
FSCheckride by CATIII Software
FSDZigns Lockheed 049A Constellation
FSFDT FSCopilot
FSFDT FSInn
FSFDT VIP Standard 2004
FSNavigator
Game Booster
GameRanger
Globe Cargo FSACARS
Globe Cargo PIREP
Globe Cargo PIREP v2.3.1
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMyPC
Ground Environment
Ground Environment X North America
Ground Environment X USA-Canada
GVA ACARS
Hawaii Oahu
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP LaserJet M1319 MFP Series
HP LaserJet M1319 MFP Series Toolbox
HP LaserJet Toolbox
HP Photo Printing Software
hp psc 900 series
HP Share-to-Web
hppusgM1310
iFly 747-400
iFly 747-400 Service Pack 3
InCabin Locate for FSX
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 21
Jet City Aircraft 717-200
Just Flight - 757 Captain FSX
Just Flight - Cargo Pilot v1.00
KDTW Detroit
kgcbase
KIAD v1.3.1 for FS9 MetroAir Edition
KLGA La Guardia Demo Version
Kodak EasyShare software
Latin VFR MKJP FSX
LatinVFR Cayman Islands for FSX
Learn2 Player (Uninstall Only)
Legacy 'The Luxury Aircraft Collection'
Lernout & Hauspie TruVoice American English TTS Engine
Level-D 767-300 for FSX
Linksys EasyLink Advisor 1.6 (0032)
LiveDISPATCH 4
Malwarebytes' Anti-Malware
MarketResearch
MaxBlast 3
MCU
MD80 for AAV
MegaSceneryX Las Vegas
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Application Error Reporting
Microsoft Combat Flight Simulator 3.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Flight Simulator X SDK SP1A
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft IntelliPoint 6.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Links 2003
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2000
MLB 2K9
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.6.8)
MozyHome Remote Backup
MrvlUsgTracking
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch® Jukebox
MVP Baseball 2005
MySQL Connector/ODBC 3.51
Navigraph nDAC 2
Navigraph nDAC 3
NEMETH DESIGNS - S-76 SPIRIT
netbrdg
NetWaiting
NetZeroInstallers
nHancer
NuRoads Configurator
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
O&O Defrag Professional Edition
Oakland Metro International Airport by M1DG
OfotoXMI
OOTP Baseball 2006
OpenAL
Out of the Park Baseball 8
Out of the Park Baseball 9
Overland - World Airlines (Airbus)
Overland - World Airlines for FSX (Airbus)
PFPortChecker 1.0.32
PMDG 747-400/400F for FSX
PMDG BAe JS4100
PMDG_BAe_JS4100_AX
PMDG_BAe_JS4100_N401TJ
PMDG_BAe_JS4100_OGN
PMDG744X_GE_QF2
PMDG744X_RR_BA
PMDG744XF_GE_5XF
PMDG744XF_GE_5YF
PMDG744XF_GE_POF
PMDG744XF_PW_FXF
PS Panels 737NG Version 1.1
PSS B777 Professional 2004 (777-200 LR) 2.1
PSS Boeing 757 Pro 2006 1.2
PVACARS
QualityWings 757-200 v1.00 (Model Package Beta)
Quicken 2009
QuickTime
Radar Contact Version 4.3
Ready for Pushback V2_10 Full Version
Real Environment Xtreme
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.0
ReceiveInstaller
RegCure
Regional Jet Vol.1 - CRJ (FSX)
Registry Toolkit 1.3.0
Rhapsody Player Engine
RivaTuner v2.0 RC 16
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Saitek SST Programming Software
SAS_DC9v50
Scan To
SecondLife (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Self-Repair Technician
SFR
SHASTA
Shockwave
Shutterfly Plugin
SideWinder Precision 2
skin0001
SKINXSDK
Sonic Activation Module
Sonic CinePlayer DVD Pack
Sonic Update Manager
Sound Blaster Audigy 4
Sounds Best On Sound Blaster
Spybot - Search & Destroy 1.4
Spyware Doctor 7.0
SquawkBox 3
Squawkbox 3 Model Set (FS2004)
staticcr
TeamSpeak 2 RC2
The Brown Box 1.0.7
The Print Shop 20
Tiger Woods PGA TOUR 08
tooltips
Total 3D Home Deluxe
Tower Simulator
TRS2006
TTS_Technology
TuneUp Utilities 2007
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Basic 2007
TurboTax ItsDeductible 2006
TweakFPS for FSX
Tweakui Powertoy for Windows XP
Ultimate Terrain X - USA
Ultimate Traffic
UltimateDefrag
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
US ACARS 2.0
VAFINANCIALS 4.0.1.26
VAFS
VAFS4
vasFMC 1.10
VAT-Spy
Ventrilo Client
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
VPRINTOL
vroute.info
vroute.info - 1
WebFldrs XP
Wee Tune Beastie
WexTech AnswerWorks
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinPatrol 2008
WinRAR archiver
WinZip
WIRELESS
WordPerfect Office 12
X-treme King Air B200 v.2.0.1
X Graphics
XAcars for Microsoft Flightsimulator
XML Paper Specification Shared Components Pack 1.0
XPax
XviD MPEG-4 Video Codec
Yahoo! Companion

==== Event Viewer Messages From Past Week ========

9/8/2010 9:33:39 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
9/8/2010 9:31:59 PM, error: PlugPlayManager [11] - The device Root\LEGACY_CATCHME\0000 disappeared from the system without first being prepared for removal.
9/8/2010 9:31:42 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/8/2010 12:16:04 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
9/8/2010 12:04:40 AM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
9/8/2010 1:25:15 AM, error: HTTP [15006] - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR is invalid. This could be because another user has already created the log file or the directory.
9/7/2010 9:55:36 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The system cannot find the file specified.
9/7/2010 11:57:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: oreans32
9/7/2010 11:57:05 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
9/7/2010 11:00:58 PM, error: Service Control Manager [7034] - The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 10:03:15 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

==== End Of File ===========================
lehbird
Regular Member
 
Posts: 40
Joined: September 5th, 2010, 12:01 am

Re: Being Blocked from Malaware Updates & going onto Malawar

Post by km2357 » September 9th, 2010, 2:48 pm

Step # 1 Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)

  • First, go to Add/Remove Programs and uninstall Adobe Reader 7.0.8.
  • Please go to this link Adobe Acrobat Reader Download Link
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Note: Adobe 9.3.4 is a large program and if you prefer a smaller program you can get Foxit 4.1.1 instead from http://www.foxitsoftware.com/downloads/index.php

If you decide to install Foxit 4.1.1 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay


Step # 2: Download and Run JavaRa

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.



Step # 3: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    KILLALL::

    FixCSet::

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image

    Note: This CFScript is for use on lehbird's computer only! Do not use it on your computer.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Step # 4: Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


In your next post/reply, I need to see the following:

1. JavaRa Log
2. The ComboFix Log that appears after Step #3 is completed.
3. Kaspersky Log
4. How is your computer doing, any problems?
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Being Blocked from Malaware Updates & going onto Malawar

Post by lehbird » September 10th, 2010, 5:45 pm

Here are my results:

1. Unfortunately, I was unable to remove Adobe 7.0.8. When I tried I received a window stating "This patch package could not be removed".

2. I successfully removed the old Java via JavaRa. Log follows.

3. Ran CFScript. ComboFix log follows.

4. Ran Kaspersky. Log follows.

5. As best I can tell, all is running well. (Although Kaspersky found some things that have me nervous.) Thanks so much for ALL your help!

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Sep 09 20:37:18 2010

Found and removed: C:\PROGRA~1\Java\j2re1.4.2_03

Found and removed: C:\PROGRA~1\Java\jre1.5.0_06

Found and removed: C:\DOCUME~1\DAVIDN~1.LEH\APPLIC~1\Sun\Java\jre1.6.0_13

------------------------------------

Finished reporting.



JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Sep 09 20:41:49 2010


------------------------------------

Finished reporting.



ComboFix 10-09-09.03 - David N. Leh 09/09/2010 21:30:21.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1176 [GMT -4:00]
Running from: c:\documents and settings\David N. Leh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David N. Leh\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gotomon.log

.
((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.

2010-09-10 01:23 . 2010-09-10 01:24 -------- d-----w- C:\32788R22FWJFW
2010-09-09 02:09 . 2010-09-09 02:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-06 13:35 . 2009-10-08 18:14 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-09-06 13:35 . 2009-10-08 18:14 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-09-06 13:35 . 2009-10-08 18:14 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-09-05 04:40 . 2010-09-05 04:40 -------- d-----w- c:\documents and settings\Dave 2010\Application Data\Malwarebytes
2010-09-05 03:01 . 2010-09-05 03:01 -------- d-----w- c:\documents and settings\Dave 2010\Local Settings\Application Data\Apple Computer
2010-09-05 03:00 . 2010-09-05 03:00 -------- d-----w- c:\documents and settings\Dave 2010\Local Settings\Application Data\SupportSoft
2010-09-05 03:00 . 2010-09-05 03:00 -------- d-----w- c:\documents and settings\Dave 2010\Application Data\Creative
2010-09-04 17:31 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-04 17:30 . 2010-09-04 17:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-04 00:30 . 2010-09-04 00:30 -------- d-----w- c:\documents and settings\Dave 2010\Application Data\Share-to-Web Upload Folder
2010-09-04 00:26 . 2010-09-04 00:26 -------- d-----w- c:\documents and settings\Dave 2010\Local Settings\Application Data\Mozilla
2010-09-03 22:42 . 2010-09-03 16:42 114 ----a-w- C:\shellfix.reg
2010-09-03 22:42 . 2010-09-03 16:28 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs
2010-09-03 22:42 . 2010-09-03 16:25 4532 ----a-w- C:\nodesktop.reg
2010-09-03 22:41 . 2010-09-03 22:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-09-03 22:34 . 2010-09-03 22:34 99240 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-03 22:33 . 2010-09-03 22:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2010-09-03 22:24 . 2010-09-03 22:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-28 19:37 . 2010-08-28 19:37 -------- d-----w- C:\spoolerlogs
2010-08-14 02:54 . 2010-08-14 02:54 -------- d-----w- c:\documents and settings\David N. Leh\Local Settings\Application Data\FS-Products

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 01:58 . 2009-07-08 02:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 01:55 . 2009-11-19 12:30 -------- d-----w- c:\program files\Spyware Doctor
2010-09-10 01:55 . 2009-02-21 18:11 3681 ----a-w- c:\windows\system32\mmf.sys
2010-09-10 00:51 . 2009-06-19 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-10 00:46 . 2009-02-21 17:48 -------- d-----w- c:\program files\Quicken
2010-09-10 00:37 . 2009-02-21 17:17 -------- d-----w- c:\program files\Java
2010-09-09 04:34 . 2009-02-21 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-09 02:10 . 2009-02-21 17:05 -------- d-----w- c:\program files\Common Files\Java
2010-09-09 02:10 . 2010-09-09 02:10 503808 ----a-w- c:\documents and settings\David N. Leh\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-533ab98a-n\msvcp71.dll
2010-09-09 02:10 . 2010-09-09 02:10 499712 ----a-w- c:\documents and settings\David N. Leh\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-533ab98a-n\jmc.dll
2010-09-09 02:10 . 2010-09-09 02:10 348160 ----a-w- c:\documents and settings\David N. Leh\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-533ab98a-n\msvcr71.dll
2010-09-09 02:10 . 2010-09-09 02:10 61440 ----a-w- c:\documents and settings\David N. Leh\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3f280ba0-n\decora-sse.dll
2010-09-09 02:10 . 2010-09-09 02:10 12800 ----a-w- c:\documents and settings\David N. Leh\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3f280ba0-n\decora-d3d.dll
2010-09-09 02:04 . 2010-09-09 02:04 79488 ----a-w- c:\documents and settings\David N. Leh\Application Data\Sun\Java\jre1.6.0_21\gtapi.dll
2010-09-09 02:04 . 2010-09-09 02:04 152576 ----a-w- c:\documents and settings\David N. Leh\Application Data\Sun\Java\jre1.6.0_21\lzma.dll
2010-09-07 15:12 . 2010-07-03 17:41 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-02-24 22:59 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-02-24 22:59 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-02-24 22:59 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-02-24 22:59 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-02-24 22:59 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-02-24 22:59 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-02-24 22:59 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-02-24 22:59 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-06 13:35 . 2009-11-19 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-04 17:29 . 2009-02-21 17:18 -------- d-----w- c:\program files\Lavasoft
2010-09-04 17:28 . 2009-02-21 17:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-04 00:22 . 2010-09-03 23:00 -------- d--h--w- c:\documents and settings\Dave 2010\Application Data\Gtek
2010-09-03 23:10 . 2009-02-21 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-09-03 23:03 . 2009-02-21 17:54 -------- d-----w- c:\program files\Web Publish
2010-08-28 19:43 . 2010-03-06 03:54 -------- d-----w- c:\documents and settings\David N. Leh\Application Data\vlc
2010-08-23 17:25 . 2006-10-29 15:44 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-08-17 18:10 . 2010-09-01 02:37 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
2010-08-14 02:53 . 2010-08-14 02:53 6082 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{BF04B549-AB62-4A70-92F3-613FBB23D923}\_EF2DE6B871DE07CA710128.exe
2010-08-14 02:53 . 2010-08-14 02:53 6082 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{BF04B549-AB62-4A70-92F3-613FBB23D923}\_6FEFF9B68218417F98F549.exe
2010-08-14 02:53 . 2010-08-14 02:53 6082 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{BF04B549-AB62-4A70-92F3-613FBB23D923}\_105300B85D110B41DF3FB4.exe
2010-08-12 12:16 . 2010-09-04 17:30 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-07-09 14:26 . 2010-09-01 02:38 475136 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe
2010-07-02 14:25 . 2010-09-01 02:38 1118208 ------w- c:\documents and settings\All Users\Application Data\Dell\RMC\Libxml2.dll
2010-07-02 14:25 . 2010-09-01 02:38 60416 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\ZLib1.dll
2010-06-16 01:41 . 2008-08-30 02:14 29926 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{A5637A7A-D40E-433B-8C64-BC6111F8342E}\_57901822.exe
2010-06-16 01:41 . 2008-08-30 02:14 23878 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{A5637A7A-D40E-433B-8C64-BC6111F8342E}\_3c9a3d18.exe
2010-06-16 01:41 . 2008-08-30 02:14 20758 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{A5637A7A-D40E-433B-8C64-BC6111F8342E}\_13f04d1e.exe
2010-06-16 01:41 . 2008-08-30 02:14 1078 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{A5637A7A-D40E-433B-8C64-BC6111F8342E}\_6c111d32.exe
2008-12-17 00:33 . 2006-12-29 15:47 147 ----a-w- c:\program files\RedStat.sts
2008-12-17 00:29 . 2006-12-28 16:26 406 ----a-w- c:\program files\MailList.dmn
2006-12-28 16:28 . 2006-12-28 16:28 0 ----a-w- c:\program files\HPSW.CKI
2006-12-28 16:27 . 2006-12-28 16:27 41 ----a-w- c:\program files\eregreg.ini
1999-01-06 05:09 . 2006-12-28 16:26 4039699 ----a-w- c:\program files\MailList.pdf
1998-10-29 04:41 . 2006-12-28 16:26 10584 ----a-w- c:\program files\Techsupp.hlp
1998-07-14 15:24 . 2006-12-28 16:26 363178 ----a-w- c:\program files\MailList.hlp
1998-07-14 13:02 . 2006-12-28 16:26 11790 ----a-w- c:\program files\MailList.cnt
1998-07-07 16:21 . 2006-12-28 16:26 196096 ----a-w- c:\program files\MailList.exe
1998-07-06 19:06 . 2006-12-28 16:26 385 ----a-w- c:\program files\webmain.url
1998-07-06 17:43 . 2006-12-28 16:26 77824 ----a-w- c:\program files\Textdbs.dbs
1998-07-06 17:42 . 2006-12-28 16:26 39424 ----a-w- c:\program files\Native.dbs
1998-07-06 17:24 . 2006-12-28 16:26 37376 ----a-w- c:\program files\AddrCD.rmv
1998-07-02 17:16 . 2006-12-28 16:26 18 ----a-w- c:\program files\bmUpd.ddm
1998-06-26 15:16 . 2006-12-28 16:26 71168 ----a-w- c:\program files\jeteng.dbs
1998-06-26 15:13 . 2006-12-28 16:26 28160 ----a-w- c:\program files\oldmaml.dbs
1998-06-04 12:55 . 2006-12-28 16:26 5442 ----a-w- c:\program files\POSTRATE.TXT
1998-06-04 12:55 . 2006-12-28 16:26 279611 ----a-w- c:\program files\PostTab.txt
1998-06-03 20:15 . 2006-12-28 16:26 12525 ----a-w- c:\program files\Intercom.hlp
1998-06-03 14:41 . 2006-12-28 16:26 17408 ----a-w- c:\program files\oldmald.dbs
1998-05-26 19:50 . 2006-12-28 16:26 361239 ----a-w- c:\program files\maillist.wth
1998-05-26 16:52 . 2006-12-28 16:26 301607 ----a-w- c:\program files\Orderfrm.hlp
1998-05-11 14:22 . 2006-12-28 16:26 516 ----a-w- c:\program files\Orderfrm.cnt
1998-05-04 16:56 . 2006-12-28 16:26 2609 ----a-w- c:\program files\ereginfo.ini
1998-04-27 11:24 . 2006-12-28 16:26 128 ----a-w- c:\program files\EREG.BIN
1998-01-02 19:29 . 2006-12-28 16:26 133 ----a-w- c:\program files\InterCom.cnt
1997-12-01 15:51 . 2006-12-28 16:26 233980 ----a-w- c:\program files\FORMDEF.FDL
1997-12-01 15:51 . 2006-12-28 16:26 231248 ----a-w- c:\program files\FORMOPS.FDL
1997-12-01 15:51 . 2006-12-28 16:26 181616 ----a-w- c:\program files\FORMMETA.FDL
1997-11-21 13:32 . 2006-12-28 16:26 66034 ----a-w- c:\program files\Hotels.mml
1997-11-21 13:32 . 2006-12-28 16:26 264192 ----a-w- c:\program files\Hotelsmml.bcf
1997-11-21 13:32 . 2006-12-28 16:26 2144 ----a-w- c:\program files\Hotelsmml.fsif
1997-11-21 13:32 . 2006-12-28 16:26 1568 ----a-w- c:\program files\Hotelsmml.msif
1997-11-21 13:32 . 2006-12-28 16:26 6344 ----a-w- c:\program files\Airlinesmml.fsif
1997-11-21 13:32 . 2006-12-28 16:26 4568 ----a-w- c:\program files\Airlinesmml.msif
1997-11-21 13:32 . 2006-12-28 16:26 262656 ----a-w- c:\program files\Airlinesmml.bcf
1997-11-21 13:32 . 2006-12-28 16:26 201934 ----a-w- c:\program files\Airlines.mml
1997-11-21 13:32 . 2006-12-28 16:26 45196 ----a-w- c:\program files\Car Rentals.mml
1997-11-21 13:32 . 2006-12-28 16:26 264192 ----a-w- c:\program files\Car Rentalsmml.bcf
1997-11-21 13:32 . 2006-12-28 16:26 1500 ----a-w- c:\program files\Car Rentalsmml.fsif
1997-11-21 13:32 . 2006-12-28 16:26 1108 ----a-w- c:\program files\Car Rentalsmml.msif
1997-08-22 22:03 . 2006-12-28 16:26 0 ----a-w- c:\program files\maillist.sup
2007-12-23 05:08 . 2007-12-23 05:08 61 --sh--w- c:\windows\cnerolf.bin
2006-04-01 01:40 . 2006-04-01 01:40 61 --sh--w- c:\windows\cnerolf.dat
2004-08-04 11:00 . 2004-08-10 18:51 94784 --sh--w- c:\windows\twain.dll
2004-08-04 11:00 . 2004-08-10 18:51 50688 --sh--w- c:\windows\twain_32.dll
2009-06-07 13:43 . 2006-03-25 13:49 152 --sh--r- c:\windows\system32\501AA94F16.sys
2004-08-04 11:00 . 2004-08-10 18:51 413696 --sh--w- c:\windows\system32\msvcp60.dll
2007-12-04 18:38 . 2004-08-10 18:51 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-04 11:00 . 2004-08-10 18:51 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-09-08_03.34.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-10 00:59 . 2010-09-10 00:59 16384 c:\windows\Temp\Perflib_Perfdata_788.dat
+ 2010-09-10 01:55 . 2010-09-10 01:55 16384 c:\windows\Temp\Perflib_Perfdata_750.dat
+ 2010-09-10 01:55 . 2010-09-10 01:55 16384 c:\windows\Temp\Perflib_Perfdata_738.dat
+ 2010-09-10 01:55 . 2010-09-10 01:55 16384 c:\windows\Temp\Perflib_Perfdata_628.dat
+ 2010-09-10 01:55 . 2010-09-10 01:55 16384 c:\windows\Temp\Perflib_Perfdata_188.dat
+ 2009-06-19 02:45 . 2010-04-29 19:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2009-06-19 02:45 . 2010-04-29 19:39 20952 c:\windows\system32\drivers\mbam.sys
+ 2010-09-09 02:09 . 2010-09-09 02:09 153376 c:\windows\system32\javaws.exe
+ 2010-09-09 02:09 . 2010-09-09 02:09 145184 c:\windows\system32\javaw.exe
+ 2010-09-09 02:09 . 2010-09-09 02:09 145184 c:\windows\system32\java.exe
+ 2010-09-09 02:10 . 2010-09-09 02:10 180224 c:\windows\Installer\88f47.msi
+ 2010-09-09 02:09 . 2010-09-09 02:09 677376 c:\windows\Installer\88f40.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2010-06-28 21:33 668816 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-06-28 21:33 668816 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2010-06-28 21:33 668816 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Registry Toolkit"="c:\program files\Registry Toolkit\RegToolkit.exe" [2008-07-01 1873200]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2006-08-09 184320]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2010-06-28 900240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MySoftware InterCom.lnk - c:\program files\Common Files\MySoftware\intercom.exe [2006-12-28 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2005-12-06 20:47 10848 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-09-07 15:12 2838912 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"nHancer"="c:\program files\nHancer\nHancer.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
"CTSysVol"=c:\program files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
"DLA"=c:\windows\System32\DLA\DLACTRLW.EXE
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WinPatrol"=c:\program files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"e:\\Program Files\\FSFDT\\FWInn\\FWINN.exe"=
"e:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"e:\\Program Files\\FSFDT\\Control Panel\\FSFDTCP.exe"=
"e:\\Program Files\\FSFDT\\FSInn UI VVL\\FSInnUIVVL.exe"=
"c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\MADDOG2006\\MDCP.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"=
"c:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"=
"e:\\Program Files\\Tower Simulator v1\\Tower.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\X-Plane 9 Demo\\X-Plane.exe"=
"c:\\Documents and Settings\\David N. Leh\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\MADDOG2008\\MDCP.exe"=
"c:\\Program Files\\DiskTrix\\DefragExpress\\DefragExpress.exe"=
"g:\\Downloads\\Flight zips\\FSHost\\FSPortTest.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"e:\\Program Files\\Microsoft Games\\fshost\\FSHost32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"55008:TCP"= 55008:TCP:RWATC
"55009:TCP"= 55009:TCP:RWATC
"55010:TCP"= 55010:TCP:RWATC
"6073:TCP"= 6073:TCP:Fshost

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/4/2010 1:31 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/19/2009 8:31 AM 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [9/6/2010 9:35 AM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [9/6/2010 9:35 AM 59664]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/24/2010 6:59 PM 165584]
R1 NGS;Norman General Security Driver;c:\virusfighter\Nvc\Bin\ngs.sys [6/17/2009 11:43 PM 22712]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/19/2009 8:31 AM 229304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/24/2010 6:59 PM 17744]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/19/2009 8:33 AM 112592]
R2 HPM1319RcvFaxSrvc;HP M1319 Receive Fax Service;c:\program files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe [3/27/2008 4:24 PM 348160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355416]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [9/2/2006 2:10 PM 2560]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/19/2009 8:30 AM 358600]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
R3 HP1319EWS;HP1319EWS;c:\windows\system32\drivers\HP1319EWS.sys [2/28/2009 10:36 AM 12800]
R3 HP1319FAX;HP1319MFP FAX;c:\windows\system32\drivers\HP1319FAX.sys [2/28/2009 10:36 AM 13824]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/19/2009 8:31 AM 70408]
R3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2/20/2007 11:00 PM 182528]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [9/6/2010 9:35 AM 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [10/20/2006 8:52 PM 3712]
S1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys --> c:\windows\system32\drivers\oreans32.sys [?]
S2 gupdate1ca3fe3dfb19044;Google Update Service (gupdate1ca3fe3dfb19044);c:\program files\Google\Update\GoogleUpdate.exe [9/27/2009 10:32 PM 133104]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\DAVIDN~1.LEH\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\DAVIDN~1.LEH\LOCALS~1\Temp\ALSysIO.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2/20/2008 10:23 PM 69632]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 8:15 AM 15008]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-08-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-03 00:35]

2010-09-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]

2010-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-06-26 c:\windows\Tasks\DefragExpress.job
- c:\program files\DiskTrix\DefragExpress\DefragExpress.exe [2009-04-28 17:10]

2010-09-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-11 10:21]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 02:31]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 02:31]

2010-09-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2464157562-697926883-618238203-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2464157562-697926883-618238203-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2464157562-697926883-618238203-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2464157562-697926883-618238203-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-10 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-09-10 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-09-10 c:\windows\Tasks\User_Feed_Synchronization-{C6BF2B74-8D07-41C0-A757-BCF09C6BE98B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = By D&E Jazzd
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\David N. Leh\Application Data\Mozilla\Firefox\Profiles\3uu73kfu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CTFMON - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 21:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2464157562-697926883-618238203-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
c:\program files\Spyware Doctor\TFEngine\TFNI.dll
c:\program files\Spyware Doctor\TFEngine\TFMon.dll
c:\program files\Spyware Doctor\TFEngine\TFRK.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'lsass.exe'(612)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Spyware Doctor\TFEngine\TfWah.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\program files\Google\Google Desktop Search\GoogleDesktopHyper.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Spyware Doctor\TFEngine\TFService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2010-09-09 22:08:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-10 02:08
ComboFix2.txt 2010-09-08 03:46

Pre-Run: 366,251,065,344 bytes free
Post-Run: 366,217,162,752 bytes free

- - End Of File - - CAFE309E3FB0D82B28515464BC4479BE


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 10, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 10, 2010 00:41:36
Records in database: 4209209
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\

Scan statistics:
Objects scanned: 915795
Threats found: 6
Infected objects found: 8
Suspicious objects found: 0
Scan duration: 09:12:02


File name / Threat / Threats count
C:\Documents and Settings\Dave 2010\My Documents\Local Settings\Temp\jar_cache8206155565353538054.tmp Infected: Exploit.Java.Agent.de 1
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1775\A0308843.exe Infected: Trojan-Dropper.Win32.Agent.cxgw 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1775\A0308844.exe Infected: Trojan-Dropper.Win32.Agent.cxgw 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1779\A0317269.sys Infected: Virus.Win32.TDSS.b 1
G:\Downloads\Flight zips\linksmod106_final.zip Infected: not-a-virus:AdWare.Win32.Rabio.jg 1
G:\MGtools.exe Infected: Trojan-Dropper.Win32.Agent.cyeu 1

Selected area has been scanned.
lehbird
Regular Member
 
Posts: 40
Joined: September 5th, 2010, 12:01 am

Re: Being Blocked from Malaware Updates & going onto Malawar

by km2357 » September 10th, 2010, 8:13 pm

Kaspersky found some infected System Restore points; they are harmless where they are. I'll show you how to remove them and set a new, clean one in an upcoming post.


Unfortunately, I was unable to remove Adobe 7.0.8. When I tried I received a window stating "This patch package could not be removed".


Did you mean "This patch package could not be opened"?

Try this:

Download the Windows Installer CleanUp Utility 7.2 from the following link:

http://majorgeeks.com/Windows_Installer ... d4459.html

Once downloaded, run the program, follow the instructions, select Adobe Reader 7.0.8 and click Remove. Once you're done with the Windows Installer CleanUp Utility, see if you can uninstall Adobe Reader 7.0.8 and then download and install Adobe Reader 9.3.4 using the link in my previous post.


Delete CFScript.txt from your Desktop; you will be creating and running a new one.


Step # 1: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    KILLALL::
    
    File::
    
    C:\Documents and Settings\Dave 2010\My Documents\Local Settings\Temp\jar_cache8206155565353538054.tmp
    C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz
    G:\Downloads\Flight zips\linksmod106_final.zip
    G:\MGtools.exe



  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




    Image


    Note: This CFScript is for use on lehbird's computer only! Do not use it on your computer.


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California
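
The triage behind the CFScript in the post above, written out as an added example (not part of the thread and not code from ComboFix or Kaspersky). It parses the eight detection rows from the Kaspersky report, sets aside the System Restore copies that the helper defers to a later step, and checks that the File:: section covers every remaining detection. The function names and the three bucket labels are this example's own assumptions.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "path threat count")

# Detection rows copied from the Kaspersky Online Scanner report in this thread.
KASPERSKY_ROWS = r"""
C:\Documents and Settings\Dave 2010\My Documents\Local Settings\Temp\jar_cache8206155565353538054.tmp Infected: Exploit.Java.Agent.de 1
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1775\A0308843.exe Infected: Trojan-Dropper.Win32.Agent.cxgw 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1775\A0308844.exe Infected: Trojan-Dropper.Win32.Agent.cxgw 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1779\A0317269.sys Infected: Virus.Win32.TDSS.b 1
G:\Downloads\Flight zips\linksmod106_final.zip Infected: not-a-virus:AdWare.Win32.Rabio.jg 1
G:\MGtools.exe Infected: Trojan-Dropper.Win32.Agent.cyeu 1
"""

# CFScript text copied from the helper's post.
CFSCRIPT = r"""KILLALL::

File::

C:\Documents and Settings\Dave 2010\My Documents\Local Settings\Temp\jar_cache8206155565353538054.tmp
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz
G:\Downloads\Flight zips\linksmod106_final.zip
G:\MGtools.exe
"""

# Paths contain spaces, so anchor on the literal " Infected: " separator.
ROW_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
# Copies held inside a System Restore point (XP layout, as seen in the report).
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\")


def parse_report(text):
    """Return a Detection for every 'File name / Threat / Threats count' row."""
    found = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], int(m["count"])))
    return found


def classify(det):
    """Bucket a detection: restore-point copy, riskware/adware, or malware."""
    if RESTORE_RE.search(det.path):
        return "restore-point"
    if det.threat.startswith("not-a-virus:"):
        return "riskware"
    return "malware"


def parse_cfscript(text):
    """Split a CFScript into {directive: [entries]} using the 'Name::' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line and current:
            sections[current].append(line)
    return sections


def coverage(detections, script):
    """Compare File:: targets with detections that are not restore-point copies."""
    # Windows paths are case-insensitive, so compare case-folded.
    live = {d.path.casefold() for d in detections if classify(d) != "restore-point"}
    targeted = {p.casefold() for p in script.get("File", [])}
    return {
        "missing": sorted(live - targeted),   # detected but not in the script
        "extra": sorted(targeted - live),     # in the script but never detected
        "deferred": [d.path for d in detections if classify(d) == "restore-point"],
    }


if __name__ == "__main__":
    dets = parse_report(KASPERSKY_ROWS)
    print("objects:", sum(d.count for d in dets),
          "distinct threats:", len({d.threat for d in dets}))
    print(Counter(classify(d) for d in dets))
    for key, paths in coverage(dets, parse_cfscript(CFSCRIPT)).items():
        print(key, len(paths))
```

The object and distinct-threat totals it computes can be compared with the "Infected objects found" and "Threats found" lines of the report as a sanity check on the parse.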

Re: Being Blocked from Malaware Updates & going onto Malawar

by lehbird » September 11th, 2010, 12:33 pm

Here is my new ComboFix log: (Thanks!!)

ComboFix 10-09-09.03 - David N. Leh 09/11/2010 0:17.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1034 [GMT -4:00]
Running from: c:\documents and settings\David N. Leh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David N. Leh\Desktop\cfscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\Dave 2010\My Documents\Local Settings\Temp\jar_cache8206155565353538054.tmp"
"c:\program files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz"
"c:\program files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz"
"g:\downloads\Flight zips\linksmod106_final.zip"
"G:\MGtools.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dave 2010\My Documents\Local Settings\Temp\jar_cache8206155565353538054.tmp
c:\program files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz
c:\program files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz
c:\windows\system32\gotomon.log
g:\downloads\Flight zips\linksmod106_final.zip
G:\MGtools.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.

2010-09-09 02:10 . 2010-09-09 02:10 503808 ----a-w- c:\documents and settings\David N. Leh\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-533ab98a-n\msvcp71.dll
2010-09-09 02:10 . 2010-09-09 02:10 499712 ----a-w- c:\documents and settings\David N. Leh\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-533ab98a-n\jmc.dll
2010-09-09 02:10 . 2010-09-09 02:10 348160 ----a-w- c:\documents and settings\David N. Leh\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-533ab98a-n\msvcr71.dll
2010-09-09 02:10 . 2010-09-09 02:10 61440 ----a-w- c:\documents and settings\David N. Leh\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3f280ba0-n\decora-sse.dll
2010-09-09 02:10 . 2010-09-09 02:10 12800 ----a-w- c:\documents and settings\David N. Leh\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3f280ba0-n\decora-d3d.dll
2010-09-09 02:09 . 2010-09-09 02:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-09 02:04 . 2010-09-09 02:04 79488 ----a-w- c:\documents and settings\David N. Leh\Application Data\Sun\Java\jre1.6.0_21\gtapi.dll
2010-09-09 02:04 . 2010-09-09 02:04 152576 ----a-w- c:\documents and settings\David N. Leh\Application Data\Sun\Java\jre1.6.0_21\lzma.dll
2010-09-06 13:35 . 2009-10-08 18:14 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-09-06 13:35 . 2009-10-08 18:14 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-09-06 13:35 . 2009-10-08 18:14 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-09-05 04:40 . 2010-09-05 04:40 -------- d-----w- c:\documents and settings\Dave 2010\Application Data\Malwarebytes
2010-09-05 03:01 . 2010-09-05 03:01 -------- d-----w- c:\documents and settings\Dave 2010\Local Settings\Application Data\Apple Computer
2010-09-05 03:00 . 2010-09-05 03:00 -------- d-----w- c:\documents and settings\Dave 2010\Local Settings\Application Data\SupportSoft
2010-09-05 03:00 . 2010-09-05 03:00 -------- d-----w- c:\documents and settings\Dave 2010\Application Data\Creative
2010-09-04 17:31 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-04 17:30 . 2010-09-04 17:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-04 17:30 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-04 00:30 . 2010-09-04 00:30 -------- d-----w- c:\documents and settings\Dave 2010\Application Data\Share-to-Web Upload Folder
2010-09-04 00:26 . 2010-09-04 00:26 -------- d-----w- c:\documents and settings\Dave 2010\Local Settings\Application Data\Mozilla
2010-09-03 22:44 . 2006-04-05 23:38 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2010-09-03 22:42 . 2010-09-03 16:42 114 ----a-w- C:\shellfix.reg
2010-09-03 22:42 . 2010-09-03 16:28 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs
2010-09-03 22:42 . 2010-09-03 16:25 4532 ----a-w- C:\nodesktop.reg
2010-09-03 22:41 . 2010-09-03 22:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-09-03 22:34 . 2010-09-03 22:34 99240 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-03 22:33 . 2010-09-03 22:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2010-09-03 22:24 . 2010-09-03 22:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-01 02:38 . 2010-07-09 14:26 475136 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe
2010-09-01 02:38 . 2010-07-02 14:25 1118208 ------w- c:\documents and settings\All Users\Application Data\Dell\RMC\Libxml2.dll
2010-09-01 02:38 . 2010-07-02 14:25 60416 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\ZLib1.dll
2010-09-01 02:37 . 2010-08-17 18:10 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
2010-08-28 19:37 . 2010-08-28 19:37 -------- d-----w- C:\spoolerlogs
2010-08-14 02:54 . 2010-08-14 02:54 -------- d-----w- c:\documents and settings\David N. Leh\Local Settings\Application Data\FS-Products
2010-08-14 02:53 . 2010-08-14 02:53 6082 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{BF04B549-AB62-4A70-92F3-613FBB23D923}\_EF2DE6B871DE07CA710128.exe
2010-08-14 02:53 . 2010-08-14 02:53 6082 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{BF04B549-AB62-4A70-92F3-613FBB23D923}\_6FEFF9B68218417F98F549.exe
2010-08-14 02:53 . 2010-08-14 02:53 6082 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{BF04B549-AB62-4A70-92F3-613FBB23D923}\_105300B85D110B41DF3FB4.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 11:34 . 2009-07-08 02:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-11 11:32 . 2009-11-19 12:30 -------- d-----w- c:\program files\Spyware Doctor
2010-09-11 11:31 . 2009-02-21 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-11 11:31 . 2009-02-21 18:11 3681 ----a-w- c:\windows\system32\mmf.sys
2010-09-10 00:51 . 2009-06-19 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-10 00:46 . 2009-02-21 17:48 -------- d-----w- c:\program files\Quicken
2010-09-10 00:37 . 2009-02-21 17:17 -------- d-----w- c:\program files\Java
2010-09-09 02:10 . 2009-02-21 17:05 -------- d-----w- c:\program files\Common Files\Java
2010-09-07 15:12 . 2010-07-03 17:41 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-02-24 22:59 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-02-24 22:59 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-02-24 22:59 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-02-24 22:59 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-02-24 22:59 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-02-24 22:59 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-02-24 22:59 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-02-24 22:59 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-06 13:35 . 2009-11-19 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-04 17:29 . 2009-02-21 17:18 -------- d-----w- c:\program files\Lavasoft
2010-09-04 17:28 . 2009-02-21 17:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-04 00:22 . 2010-09-03 23:00 -------- d--h--w- c:\documents and settings\Dave 2010\Application Data\Gtek
2010-09-03 23:10 . 2009-02-21 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-09-03 23:03 . 2009-02-21 17:54 -------- d-----w- c:\program files\Web Publish
2010-08-28 19:43 . 2010-03-06 03:54 -------- d-----w- c:\documents and settings\David N. Leh\Application Data\vlc
2010-08-23 17:25 . 2006-10-29 15:44 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-16 01:41 . 2008-08-30 02:14 29926 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{A5637A7A-D40E-433B-8C64-BC6111F8342E}\_57901822.exe
2010-06-16 01:41 . 2008-08-30 02:14 23878 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{A5637A7A-D40E-433B-8C64-BC6111F8342E}\_3c9a3d18.exe
2010-06-16 01:41 . 2008-08-30 02:14 20758 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{A5637A7A-D40E-433B-8C64-BC6111F8342E}\_13f04d1e.exe
2010-06-16 01:41 . 2008-08-30 02:14 1078 ----a-r- c:\documents and settings\David N. Leh\Application Data\Microsoft\Installer\{A5637A7A-D40E-433B-8C64-BC6111F8342E}\_6c111d32.exe
2008-12-17 00:33 . 2006-12-29 15:47 147 ----a-w- c:\program files\RedStat.sts
2008-12-17 00:29 . 2006-12-28 16:26 406 ----a-w- c:\program files\MailList.dmn
2006-12-28 16:28 . 2006-12-28 16:28 0 ----a-w- c:\program files\HPSW.CKI
2006-12-28 16:27 . 2006-12-28 16:27 41 ----a-w- c:\program files\eregreg.ini
1999-01-06 05:09 . 2006-12-28 16:26 4039699 ----a-w- c:\program files\MailList.pdf
1998-10-29 04:41 . 2006-12-28 16:26 10584 ----a-w- c:\program files\Techsupp.hlp
1998-07-14 15:24 . 2006-12-28 16:26 363178 ----a-w- c:\program files\MailList.hlp
1998-07-14 13:02 . 2006-12-28 16:26 11790 ----a-w- c:\program files\MailList.cnt
1998-07-07 16:21 . 2006-12-28 16:26 196096 ----a-w- c:\program files\MailList.exe
1998-07-06 19:06 . 2006-12-28 16:26 385 ----a-w- c:\program files\webmain.url
1998-07-06 17:43 . 2006-12-28 16:26 77824 ----a-w- c:\program files\Textdbs.dbs
1998-07-06 17:42 . 2006-12-28 16:26 39424 ----a-w- c:\program files\Native.dbs
1998-07-06 17:24 . 2006-12-28 16:26 37376 ----a-w- c:\program files\AddrCD.rmv
1998-07-02 17:16 . 2006-12-28 16:26 18 ----a-w- c:\program files\bmUpd.ddm
1998-06-26 15:16 . 2006-12-28 16:26 71168 ----a-w- c:\program files\jeteng.dbs
1998-06-26 15:13 . 2006-12-28 16:26 28160 ----a-w- c:\program files\oldmaml.dbs
1998-06-04 12:55 . 2006-12-28 16:26 5442 ----a-w- c:\program files\POSTRATE.TXT
1998-06-04 12:55 . 2006-12-28 16:26 279611 ----a-w- c:\program files\PostTab.txt
1998-06-03 20:15 . 2006-12-28 16:26 12525 ----a-w- c:\program files\Intercom.hlp
1998-06-03 14:41 . 2006-12-28 16:26 17408 ----a-w- c:\program files\oldmald.dbs
1998-05-26 19:50 . 2006-12-28 16:26 361239 ----a-w- c:\program files\maillist.wth
1998-05-26 16:52 . 2006-12-28 16:26 301607 ----a-w- c:\program files\Orderfrm.hlp
1998-05-11 14:22 . 2006-12-28 16:26 516 ----a-w- c:\program files\Orderfrm.cnt
1998-05-04 16:56 . 2006-12-28 16:26 2609 ----a-w- c:\program files\ereginfo.ini
1998-04-27 11:24 . 2006-12-28 16:26 128 ----a-w- c:\program files\EREG.BIN
1998-01-02 19:29 . 2006-12-28 16:26 133 ----a-w- c:\program files\InterCom.cnt
1997-12-01 15:51 . 2006-12-28 16:26 233980 ----a-w- c:\program files\FORMDEF.FDL
1997-12-01 15:51 . 2006-12-28 16:26 231248 ----a-w- c:\program files\FORMOPS.FDL
1997-12-01 15:51 . 2006-12-28 16:26 181616 ----a-w- c:\program files\FORMMETA.FDL
1997-11-21 13:32 . 2006-12-28 16:26 66034 ----a-w- c:\program files\Hotels.mml
1997-11-21 13:32 . 2006-12-28 16:26 264192 ----a-w- c:\program files\Hotelsmml.bcf
1997-11-21 13:32 . 2006-12-28 16:26 2144 ----a-w- c:\program files\Hotelsmml.fsif
1997-11-21 13:32 . 2006-12-28 16:26 1568 ----a-w- c:\program files\Hotelsmml.msif
1997-11-21 13:32 . 2006-12-28 16:26 6344 ----a-w- c:\program files\Airlinesmml.fsif
1997-11-21 13:32 . 2006-12-28 16:26 4568 ----a-w- c:\program files\Airlinesmml.msif
1997-11-21 13:32 . 2006-12-28 16:26 262656 ----a-w- c:\program files\Airlinesmml.bcf
1997-11-21 13:32 . 2006-12-28 16:26 201934 ----a-w- c:\program files\Airlines.mml
1997-11-21 13:32 . 2006-12-28 16:26 45196 ----a-w- c:\program files\Car Rentals.mml
1997-11-21 13:32 . 2006-12-28 16:26 264192 ----a-w- c:\program files\Car Rentalsmml.bcf
1997-11-21 13:32 . 2006-12-28 16:26 1500 ----a-w- c:\program files\Car Rentalsmml.fsif
1997-11-21 13:32 . 2006-12-28 16:26 1108 ----a-w- c:\program files\Car Rentalsmml.msif
1997-08-22 22:03 . 2006-12-28 16:26 0 ----a-w- c:\program files\maillist.sup
2007-12-23 05:08 . 2007-12-23 05:08 61 --sh--w- c:\windows\cnerolf.bin
2006-04-01 01:40 . 2006-04-01 01:40 61 --sh--w- c:\windows\cnerolf.dat
2004-08-04 11:00 . 2004-08-10 18:51 94784 --sh--w- c:\windows\twain.dll
2004-08-04 11:00 . 2004-08-10 18:51 50688 --sh--w- c:\windows\twain_32.dll
2009-06-07 13:43 . 2006-03-25 13:49 152 --sh--r- c:\windows\system32\501AA94F16.sys
2004-08-04 11:00 . 2004-08-10 18:51 413696 --sh--w- c:\windows\system32\msvcp60.dll
2007-12-04 18:38 . 2004-08-10 18:51 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-04 11:00 . 2004-08-10 18:51 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-09-08_03.34.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-11 11:31 . 2010-09-11 11:31 16384 c:\windows\Temp\Perflib_Perfdata_760.dat
- 2010-09-08 03:32 . 2010-09-08 03:32 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
+ 2010-09-11 04:36 . 2010-09-11 04:36 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
- 2010-09-08 03:32 . 2010-09-08 03:32 16384 c:\windows\Temp\Perflib_Perfdata_740.dat
+ 2010-09-11 11:31 . 2010-09-11 11:31 16384 c:\windows\Temp\Perflib_Perfdata_740.dat
+ 2010-09-11 04:36 . 2010-09-11 04:36 16384 c:\windows\Temp\Perflib_Perfdata_73c.dat
+ 2010-09-11 11:31 . 2010-09-11 11:31 16384 c:\windows\Temp\Perflib_Perfdata_70c.dat
+ 2010-09-10 01:55 . 2010-09-10 01:55 16384 c:\windows\Temp\Perflib_Perfdata_628.dat
- 2010-09-08 03:32 . 2010-09-08 03:32 16384 c:\windows\Temp\Perflib_Perfdata_18c.dat
+ 2010-09-11 04:36 . 2010-09-11 04:36 16384 c:\windows\Temp\Perflib_Perfdata_18c.dat
+ 2010-09-11 11:31 . 2010-09-11 11:31 16384 c:\windows\Temp\Perflib_Perfdata_17c.dat
+ 2009-06-19 02:45 . 2010-04-29 19:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2009-06-19 02:45 . 2010-04-29 19:39 20952 c:\windows\system32\drivers\mbam.sys
+ 2006-03-25 03:56 . 2010-09-11 04:16 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-03-25 03:56 . 2010-09-07 02:07 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-03-25 03:56 . 2010-09-07 02:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-03-25 03:56 . 2010-09-11 04:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-12-21 16:00 . 2010-06-17 03:14 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-12-21 16:00 . 2010-09-11 04:16 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-09-11 04:16 . 2010-09-11 04:16 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-03-25 03:56 . 2010-09-07 02:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-09-09 02:09 . 2010-09-09 02:09 153376 c:\windows\system32\javaws.exe
+ 2010-09-09 02:09 . 2010-09-09 02:09 145184 c:\windows\system32\javaw.exe
+ 2010-09-09 02:09 . 2010-09-09 02:09 145184 c:\windows\system32\java.exe
+ 2010-09-09 02:10 . 2010-09-09 02:10 180224 c:\windows\Installer\88f47.msi
+ 2010-09-09 02:09 . 2010-09-09 02:09 677376 c:\windows\Installer\88f40.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2010-06-28 21:33 668816 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-06-28 21:33 668816 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2010-06-28 21:33 668816 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Registry Toolkit"="c:\program files\Registry Toolkit\RegToolkit.exe" [2008-07-01 1873200]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2006-08-09 184320]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2010-06-28 900240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MySoftware InterCom.lnk - c:\program files\Common Files\MySoftware\intercom.exe [2006-12-28 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2005-12-06 20:47 10848 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-09-07 15:12 2838912 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"nHancer"="c:\program files\nHancer\nHancer.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
"CTSysVol"=c:\program files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
"DLA"=c:\windows\System32\DLA\DLACTRLW.EXE
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WinPatrol"=c:\program files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"e:\\Program Files\\FSFDT\\FWInn\\FWINN.exe"=
"e:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"e:\\Program Files\\FSFDT\\Control Panel\\FSFDTCP.exe"=
"e:\\Program Files\\FSFDT\\FSInn UI VVL\\FSInnUIVVL.exe"=
"c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\MADDOG2006\\MDCP.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"=
"c:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"=
"e:\\Program Files\\Tower Simulator v1\\Tower.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\X-Plane 9 Demo\\X-Plane.exe"=
"c:\\Documents and Settings\\David N. Leh\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\MADDOG2008\\MDCP.exe"=
"c:\\Program Files\\DiskTrix\\DefragExpress\\DefragExpress.exe"=
"g:\\Downloads\\Flight zips\\FSHost\\FSPortTest.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"e:\\Program Files\\Microsoft Games\\fshost\\FSHost32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"55008:TCP"= 55008:TCP:RWATC
"55009:TCP"= 55009:TCP:RWATC
"55010:TCP"= 55010:TCP:RWATC
"6073:TCP"= 6073:TCP:Fshost

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/4/2010 1:31 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/19/2009 8:31 AM 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [9/6/2010 9:35 AM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [9/6/2010 9:35 AM 59664]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/24/2010 6:59 PM 165584]
R1 NGS;Norman General Security Driver;c:\virusfighter\Nvc\Bin\ngs.sys [6/17/2009 11:43 PM 22712]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/19/2009 8:31 AM 229304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/24/2010 6:59 PM 17744]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/19/2009 8:33 AM 112592]
R2 HPM1319RcvFaxSrvc;HP M1319 Receive Fax Service;c:\program files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe [3/27/2008 4:24 PM 348160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355416]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [9/2/2006 2:10 PM 2560]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/19/2009 8:30 AM 358600]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
R3 HP1319EWS;HP1319EWS;c:\windows\system32\drivers\HP1319EWS.sys [2/28/2009 10:36 AM 12800]
R3 HP1319FAX;HP1319MFP FAX;c:\windows\system32\drivers\HP1319FAX.sys [2/28/2009 10:36 AM 13824]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/19/2009 8:31 AM 70408]
R3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2/20/2007 11:00 PM 182528]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [9/6/2010 9:35 AM 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [10/20/2006 8:52 PM 3712]
S1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys --> c:\windows\system32\drivers\oreans32.sys [?]
S2 gupdate1ca3fe3dfb19044;Google Update Service (gupdate1ca3fe3dfb19044);c:\program files\Google\Update\GoogleUpdate.exe [9/27/2009 10:32 PM 133104]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\DAVIDN~1.LEH\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\DAVIDN~1.LEH\LOCALS~1\Temp\ALSysIO.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2/20/2008 10:23 PM 69632]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 8:15 AM 15008]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-03 00:35]

2010-09-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]

2010-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-06-26 c:\windows\Tasks\DefragExpress.job
- c:\program files\DiskTrix\DefragExpress\DefragExpress.exe [2009-04-28 17:10]

2010-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-11 10:21]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 02:31]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 02:31]

2010-09-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2464157562-697926883-618238203-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2464157562-697926883-618238203-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2464157562-697926883-618238203-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2464157562-697926883-618238203-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-11 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-09-10 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{C6BF2B74-8D07-41C0-A757-BCF09C6BE98B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = By D&E Jazzd
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\David N. Leh\Application Data\Mozilla\Firefox\Profiles\3uu73kfu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-11 07:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2464157562-697926883-618238203-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
c:\program files\Spyware Doctor\TFEngine\TFNI.dll
c:\program files\Spyware Doctor\TFEngine\TFMon.dll
c:\program files\Spyware Doctor\TFEngine\TFRK.dll

- - - - - - - > 'lsass.exe'(608)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'explorer.exe'(392)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Spyware Doctor\TFEngine\TfWah.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\program files\Google\Google Desktop Search\GoogleDesktopHyper.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Spyware Doctor\TFEngine\TFService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\vssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2010-09-11 07:45:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-11 11:45
ComboFix2.txt 2010-09-10 02:09
ComboFix3.txt 2010-09-08 03:46

Pre-Run: 365,854,932,992 bytes free
Post-Run: 365,828,419,584 bytes free

- - End Of File - - 5FBE8DF6E8AA809896FDF019E7D193D8
lehbird
Regular Member
 
Posts: 40
Joined: September 5th, 2010, 12:01 am