sean dorian

  1. Awesome! Alright, I will follow the final cleanup procedures. Thanks again LDTate! Great job!
  2. I looked, but the system.exe file is no longer there. I fixed the internet connection issue by following the steps on this page: http://www.syschat.com/how-fix-repair-wins...rrors-5459.html How's it looking now?
  3. Here is the new log...

     ComboFix 10-10-22.03 - Tom 10/22/2010 15:57:33.5.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.514 [GMT -7:00]
     Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Tom\Desktop\CFScript.txt
     AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     FILE ::
     "c:\\DOCUME~1\\Tom\\LOCALS~1\\Temp\\system.exe"
     "c:\docume~1\Tom\LOCALS~1\Temp\system.exe"
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_KCDWNLOE
     -------\Service_kcdwnloe
     ((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))
     .
     2010-10-22 17:06 . 2010-10-22 17:06 -------- d-----w- c:\program files\Motorola
     2010-10-22 17:05 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
     2010-10-22 17:05 . 2010-01-26 02:56 9472 ----a-w- c:\windows\system32\drivers\motusbdevice.sys
     2010-10-22 17:05 . 2008-03-28 00:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
     2010-10-22 17:05 . 2010-04-01 21:31 23424 ----a-w- c:\windows\system32\drivers\Motousbnet.sys
     2010-10-22 17:05 . 2009-01-30 00:11 6016 ----a-w- c:\windows\system32\drivers\motfilt.sys
     2010-10-22 17:05 . 2010-06-18 22:09 23936 ----a-w- c:\windows\system32\drivers\motmodem.sys
     2010-10-22 17:05 . 2010-06-18 21:41 19968 ----a-w- c:\windows\system32\drivers\motccgp.sys
     2010-10-22 17:05 . 2009-01-30 00:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
     2010-10-22 17:05 . 2007-11-02 22:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
     2010-10-22 17:05 . 2010-10-22 17:05 -------- d-----w- c:\program files\Common Files\Motorola Shared
     2010-10-21 23:39 . 2010-10-22 23:03 -------- d-sh--w- c:\documents and settings\Temporary Internet Files\Content.IE5
     2010-10-20 19:31 . 2010-10-20 19:31 -------- d-----w- c:\program files\ESET
     2010-10-19 22:30 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-10-19 22:30 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-10-19 20:18 . 2010-10-19 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
     2010-10-19 20:18 . 2010-10-19 20:18 -------- d-----w- c:\program files\Trend Micro
     2010-10-19 17:46 . 2010-10-19 18:41 -------- d-----w- C:\Combo-Fix
     2010-10-18 23:06 . 2010-10-18 23:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
     2010-10-15 18:59 . 2010-10-15 19:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
     2010-10-14 22:00 . 2010-10-14 22:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
     2010-09-29 19:13 . 2010-10-15 20:32 -------- d-----w- c:\documents and settings\Tom\Application Data\Delicious IE Extension
     2010-09-29 19:12 . 2010-09-29 19:13 -------- d-----w- c:\program files\Delicious Add-on for Internet Explorer
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-10-22 19:29 . 2001-08-23 10:00 2864 ----a-w- c:\windows\system32\winsock.dll
     2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
     2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
     2007-11-10 00:10 . 2007-11-10 00:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
     2007-11-10 00:10 . 2007-11-10 00:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
     2007-11-10 00:10 . 2007-11-10 00:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
     2007-11-10 00:10 . 2007-11-10 00:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
     2007-11-10 00:10 . 2007-11-10 00:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
     2007-11-10 00:10 . 2007-11-10 00:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
     2007-11-10 00:10 . 2007-11-10 00:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
     2007-11-10 00:11 . 2007-11-10 00:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
     2007-11-10 00:11 . 2007-11-10 00:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
     .
     ------- Sigcheck -------
     [-] 2008-05-23 . 7B7087411A9AF908277E9DF841D29C91 . 1613824 . . [5.1.2600.3264] . . c:\windows\system32\sfcfiles.dll
     .
     ((((((((((((((((((((((((((((( SnapShot_2010-10-21_23.39.59 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2001-08-23 10:00 . 2010-06-28 16:00 68156 c:\windows\system32\perfc009.dat
     + 2001-08-23 10:00 . 2010-10-22 22:34 68156 c:\windows\system32\perfc009.dat
     + 2010-10-22 17:05 . 2010-06-18 22:09 23936 c:\windows\system32\DRVSTORE\motport_4F4CBE1DF24686697EA24297424DF8E347630C56\motport.sys
     + 2010-10-22 17:05 . 2010-04-01 21:31 23424 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\Motousbnet.sys
     + 2010-10-22 17:05 . 2009-05-08 18:56 42752 c:\windows\system32\DRVSTORE\motodrv_9E3D9A40BFFF73BAD5B052681D43BC931352E639\motodrv.sys
     + 2010-10-22 17:05 . 2009-12-21 21:42 15616 c:\windows\system32\DRVSTORE\motodrv_9E3D9A40BFFF73BAD5B052681D43BC931352E639\mot_ci.dll
     + 2010-10-22 17:05 . 2009-07-10 20:01 25856 c:\windows\system32\DRVSTORE\motoandroi_281A0D1CF14FCFFB1B61021B981311BFDC53E1D2\motoandroid.sys
     + 2010-10-22 17:05 . 2010-06-18 22:09 23936 c:\windows\system32\DRVSTORE\motmodem_339FBB9A886D234C861F36407D0E4F9AF978E6CD\motmodem.sys
     + 2010-10-22 17:05 . 2010-06-18 21:41 19968 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motccgp.sys
     + 2008-03-27 23:27 . 2008-03-27 23:27 35040 c:\windows\system32\drivers\wdfldr.sys
     + 2010-10-22 17:05 . 2010-10-22 17:05 85182 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_7A8DFDDA16A557B2C4B697.exe
     + 2010-10-22 17:05 . 2010-01-26 02:56 9472 c:\windows\system32\DRVSTORE\motusbdevi_E42DBACAEBCECEBA9A8B12194BB5736D07B623F9\motusbdevice.sys
     + 2010-10-22 17:05 . 2007-11-02 22:51 6400 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\motswch.sys
     + 2010-10-22 17:05 . 2009-01-30 00:11 6016 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\motfilt.sys
     + 2010-10-22 17:05 . 2007-11-02 22:51 6400 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motswch.sys
     + 2010-10-22 17:05 . 2009-01-30 00:18 8320 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motccgpfl.sys
     - 2001-08-23 10:00 . 2001-08-23 10:00 2864 c:\windows\system32\dllcache\winsock.dll
     + 2001-08-23 10:00 . 2010-10-22 19:29 2864 c:\windows\system32\dllcache\winsock.dll
     + 2010-10-22 17:05 . 2010-10-22 17:05 7278 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_6FEFF9B68218417F98F549.exe
     + 2010-10-22 17:05 . 2010-10-22 17:05 7278 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_1C4C258407FCD759F84E91.exe
     - 2001-08-23 10:00 . 2010-06-28 16:00 435260 c:\windows\system32\perfh009.dat
     + 2001-08-23 10:00 . 2010-10-22 22:34 435260 c:\windows\system32\perfh009.dat
     + 2010-10-22 17:05 . 2009-03-02 16:00 103552 c:\windows\system32\DRVSTORE\Moser_D7089C7835F0E7ECEC244A670740F4C8336E0FA1\Mousbser.sys
     + 2010-10-22 17:05 . 2009-03-02 16:00 103552 c:\windows\system32\DRVSTORE\Momdm_D7089C7835F0E7ECEC244A670740F4C8336E0FA1\Mousbser.sys
     + 2008-03-27 23:27 . 2008-03-27 23:27 503008 c:\windows\system32\drivers\wdf01000.sys
     + 2010-10-22 17:06 . 2010-10-22 17:06 797696 c:\windows\Installer\10c83d.msi
     + 2010-10-22 17:05 . 2010-10-22 17:05 212480 c:\windows\Installer\10c837.msi
     + 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motusbdevi_E42DBACAEBCECEBA9A8B12194BB5736D07B623F9\wdfcoinstaller01007.dll
     + 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motport_4F4CBE1DF24686697EA24297424DF8E347630C56\wdfcoinstaller01007.dll
     + 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\wdfcoinstaller01007.dll
     + 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motoandroi_281A0D1CF14FCFFB1B61021B981311BFDC53E1D2\wdfcoinstaller01007.dll
     + 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motmodem_339FBB9A886D234C861F36407D0E4F9AF978E6CD\wdfcoinstaller01007.dll
     + 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\wdfcoinstaller01007.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Google Update"="c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-15 136176]
     "nNkmzK0WEAA7=="="c:\docume~1\Tom\LOCALS~1\Temp\system.exe" [bU]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-01 15360]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
     "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
     "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-14 30248]
     "hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-24 618496]
     "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
     "nNkmzK0WEAA7=="="c:\docume~1\Tom\LOCALS~1\Temp\system.exe" [bU]
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "nltide_3"="advpack.dll" [2009-03-08 128512]
     c:\documents and settings\Tom\Start Menu\Programs\Startup\
     LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-8-19 503808]
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     WM-Desktop-Alert.lnk - c:\program files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe [2008-12-26 370176]
     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "ForceClassicControlPanel"= 1 (0x1)
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
     SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
     c:\windows\system32\dumprep 0 -u [X]
     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=
     "c:\\Program Files\\Pidgin\\pidgin.exe"=
     R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2008 9:54 AM 38144]
     R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [10/22/2010 10:06 AM 91456]
     R3 RTL8187B;Airlink101 802.11g USB 2.0 Adapter;c:\windows\system32\drivers\RTL8187B.sys [10/14/2008 7:21 AM 238208]
     S1 cvmacii;cvmacii;c:\windows\system32\drivers\cvmacii.sys [11/30/2007 6:13 PM 303904]
     S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [10/22/2010 10:05 AM 6016]
     S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/22/2010 10:05 AM 19968]
     S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/22/2010 10:05 AM 8320]
     S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [10/22/2010 10:05 AM 23424]
     S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [10/22/2010 10:05 AM 9472]
     S3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE [11/22/2005 11:30 AM 24576]
     S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/13/2009 11:10 AM 717296]
     .
     Contents of the 'Scheduled Tasks' folder
     2010-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
     2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1425521274-725345543-1003Core.job
     - c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 20:26]
     2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1425521274-725345543-1003UA.job
     - c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 20:26]
     2010-10-22 c:\windows\Tasks\Updater.job
     - d:\documents and settings\All Users\Application Data\Update\seupd.exe [2010-10-07 16:38]
     .
     .
     ------- Supplementary Scan -------
     .
     uInternet Settings,ProxyOverride = <local>
     FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\vj895qtp.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
     FF - prefs.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=
     FF - plugin: c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
     ---- FIREFOX POLICIES ----
     FF - user.js: browser.search.selectedEngine - Google
     FF - user.js: browser.search.order.1 - Google
     FF - user.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-10-22 16:07
     Windows 5.1.2600 Service Pack 3, v.5938 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     HNUjHTguucinfo&p=[base64 data removed] = c:\docume~1\Tom\LOCALS~1\Temp\system.exe
     HKCU\Software\Microsoft\Windows\CurrentVersion\Run
     HNUjHTguucinfo&p=[base64 data removed] = c:\docume~1\Tom\LOCALS~1\Temp\system.exe
     ctfmon.exe = c:\windows\system32\ctfmon.exe
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "HNUjHTguucinfo&p=[base64 data removed]"="c:\\DOCUME~1\\Tom\\LOCALS~1\\Temp\\system.exe"
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "HNUjHTguucinfo&p=[base64 data removed]"="c:\\DOCUME~1\\Tom\\LOCALS~1\\Temp\\system.exe"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'lsass.exe'(1220)
     c:\windows\system32\relog_ap.dll
     - - - - - - - > 'explorer.exe'(3636)
     c:\windows\system32\WININET.dll
     c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\system32\nvsvc32.exe c:\program files\Visioneer\OneTouch 4.0\OtService.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Motorola\MotoConnectService\MotoConnect.exe . ************************************************************************** . Completion time: 2010-10-22 16:11:14 - machine was rebooted ComboFix-quarantined-files.txt 2010-10-22 23:11 ComboFix2.txt 2010-10-22 22:38 ComboFix3.txt 2010-10-21 23:45 ComboFix4.txt 2010-07-08 17:33 ComboFix5.txt 2010-10-22 22:56 Pre-Run: 42,709,209,088 bytes free Post-Run: 42,695,073,792 bytes free Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - CEFF99901B71B7FBF4B0893FFA233D79
  4. Alright, here is the ComboFix log... ComboFix 10-10-22.03 - Tom 10/22/2010 15:24:59.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.458 [GMT -7:00] Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Tom\Desktop\CFScript.txt AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FILE :: "c:\windows\system32\drivers\aAAAAAa.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Tom\Local Settings\Application Data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7} c:\documents and settings\Tom\Local Settings\Application Data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}\chrome.manifest c:\documents and settings\Tom\Local Settings\Application Data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}\chrome\content\_cfg.js c:\documents and settings\Tom\Local Settings\Application Data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}\chrome\content\overlay.xul c:\documents and settings\Tom\Local Settings\Application Data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}\install.rdf c:\program files\Mozilla Firefox\searchplugins\google_search.xml . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_5DE6C4AB -------\Service_aAAAAAa ((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 ))))))))))))))))))))))))))))))) . 2010-10-22 17:06 . 2010-10-22 17:06 -------- d-----w- c:\program files\Motorola 2010-10-22 17:05 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-10-22 17:05 . 2010-01-26 02:56 9472 ----a-w- c:\windows\system32\drivers\motusbdevice.sys 2010-10-22 17:05 . 2008-03-28 00:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll 2010-10-22 17:05 . 2010-04-01 21:31 23424 ----a-w- c:\windows\system32\drivers\Motousbnet.sys 2010-10-22 17:05 . 
2009-01-30 00:11 6016 ----a-w- c:\windows\system32\drivers\motfilt.sys 2010-10-22 17:05 . 2010-06-18 22:09 23936 ----a-w- c:\windows\system32\drivers\motmodem.sys 2010-10-22 17:05 . 2010-06-18 21:41 19968 ----a-w- c:\windows\system32\drivers\motccgp.sys 2010-10-22 17:05 . 2009-01-30 00:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys 2010-10-22 17:05 . 2007-11-02 22:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys 2010-10-22 17:05 . 2010-10-22 17:05 -------- d-----w- c:\program files\Common Files\Motorola Shared 2010-10-21 23:39 . 2010-10-22 22:30 -------- d-sh--w- c:\documents and settings\Temporary Internet Files\Content.IE5 2010-10-20 19:31 . 2010-10-20 19:31 -------- d-----w- c:\program files\ESET 2010-10-19 22:30 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-19 22:30 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-19 20:18 . 2010-10-19 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro 2010-10-19 20:18 . 2010-10-19 20:18 -------- d-----w- c:\program files\Trend Micro 2010-10-19 17:46 . 2010-10-19 18:41 -------- d-----w- C:\Combo-Fix 2010-10-18 23:06 . 2010-10-18 23:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-10-15 18:59 . 2010-10-15 19:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-10-14 22:00 . 2010-10-14 22:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-09-29 19:13 . 2010-10-15 20:32 -------- d-----w- c:\documents and settings\Tom\Application Data\Delicious IE Extension 2010-09-29 19:12 . 2010-09-29 19:13 -------- d-----w- c:\program files\Delicious Add-on for Internet Explorer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-22 19:29 . 2001-08-23 10:00 2864 ----a-w- c:\windows\system32\winsock.dll 2010-09-08 18:17 . 
2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts 2007-11-10 00:10 . 2007-11-10 00:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-11-10 00:10 . 2007-11-10 00:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-11-10 00:10 . 2007-11-10 00:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2007-11-10 00:10 . 2007-11-10 00:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-11-10 00:10 . 2007-11-10 00:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2007-11-10 00:10 . 2007-11-10 00:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-11-10 00:10 . 2007-11-10 00:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll 2007-11-10 00:11 . 2007-11-10 00:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-11-10 00:11 . 2007-11-10 00:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll . ------- Sigcheck ------- [-] 2008-05-23 . 7B7087411A9AF908277E9DF841D29C91 . 1613824 . . [5.1.2600.3264] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot_2010-10-21_23.39.59 ))))))))))))))))))))))))))))))))))))))))) . - 2001-08-23 10:00 . 2010-06-28 16:00 68156 c:\windows\system32\perfc009.dat + 2001-08-23 10:00 . 2010-10-22 22:34 68156 c:\windows\system32\perfc009.dat + 2010-10-22 17:05 . 2010-06-18 22:09 23936 c:\windows\system32\DRVSTORE\motport_4F4CBE1DF24686697EA24297424DF8E347630C56\motport.sys + 2010-10-22 17:05 . 2010-04-01 21:31 23424 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\Motousbnet.sys + 2010-10-22 17:05 . 2009-05-08 18:56 42752 c:\windows\system32\DRVSTORE\motodrv_9E3D9A40BFFF73BAD5B052681D43BC931352E639\motodrv.sys + 2010-10-22 17:05 . 
2009-12-21 21:42 15616 c:\windows\system32\DRVSTORE\motodrv_9E3D9A40BFFF73BAD5B052681D43BC931352E639\mot_ci.dll + 2010-10-22 17:05 . 2009-07-10 20:01 25856 c:\windows\system32\DRVSTORE\motoandroi_281A0D1CF14FCFFB1B61021B981311BFDC53E1D2\motoandroid.sys + 2010-10-22 17:05 . 2010-06-18 22:09 23936 c:\windows\system32\DRVSTORE\motmodem_339FBB9A886D234C861F36407D0E4F9AF978E6CD\motmodem.sys + 2010-10-22 17:05 . 2010-06-18 21:41 19968 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motccgp.sys + 2008-03-27 23:27 . 2008-03-27 23:27 35040 c:\windows\system32\drivers\wdfldr.sys + 2010-10-22 17:05 . 2010-10-22 17:05 85182 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_7A8DFDDA16A557B2C4B697.exe + 2010-10-22 17:05 . 2010-01-26 02:56 9472 c:\windows\system32\DRVSTORE\motusbdevi_E42DBACAEBCECEBA9A8B12194BB5736D07B623F9\motusbdevice.sys + 2010-10-22 17:05 . 2007-11-02 22:51 6400 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\motswch.sys + 2010-10-22 17:05 . 2009-01-30 00:11 6016 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\motfilt.sys + 2010-10-22 17:05 . 2007-11-02 22:51 6400 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motswch.sys + 2010-10-22 17:05 . 2009-01-30 00:18 8320 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motccgpfl.sys - 2001-08-23 10:00 . 2001-08-23 10:00 2864 c:\windows\system32\dllcache\winsock.dll + 2001-08-23 10:00 . 2010-10-22 19:29 2864 c:\windows\system32\dllcache\winsock.dll + 2010-10-22 17:05 . 2010-10-22 17:05 7278 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_6FEFF9B68218417F98F549.exe + 2010-10-22 17:05 . 2010-10-22 17:05 7278 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_1C4C258407FCD759F84E91.exe - 2001-08-23 10:00 . 2010-06-28 16:00 435260 c:\windows\system32\perfh009.dat + 2001-08-23 10:00 . 
2010-10-22 22:34 435260 c:\windows\system32\perfh009.dat + 2010-10-22 17:05 . 2009-03-02 16:00 103552 c:\windows\system32\DRVSTORE\Moser_D7089C7835F0E7ECEC244A670740F4C8336E0FA1\Mousbser.sys + 2010-10-22 17:05 . 2009-03-02 16:00 103552 c:\windows\system32\DRVSTORE\Momdm_D7089C7835F0E7ECEC244A670740F4C8336E0FA1\Mousbser.sys + 2008-03-27 23:27 . 2008-03-27 23:27 503008 c:\windows\system32\drivers\wdf01000.sys + 2010-10-22 17:06 . 2010-10-22 17:06 797696 c:\windows\Installer\10c83d.msi + 2010-10-22 17:05 . 2010-10-22 17:05 212480 c:\windows\Installer\10c837.msi + 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motusbdevi_E42DBACAEBCECEBA9A8B12194BB5736D07B623F9\wdfcoinstaller01007.dll + 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motport_4F4CBE1DF24686697EA24297424DF8E347630C56\wdfcoinstaller01007.dll + 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\wdfcoinstaller01007.dll + 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motoandroi_281A0D1CF14FCFFB1B61021B981311BFDC53E1D2\wdfcoinstaller01007.dll + 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motmodem_339FBB9A886D234C861F36407D0E4F9AF978E6CD\wdfcoinstaller01007.dll + 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\wdfcoinstaller01007.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-15 136176] "nNkmzK0WEAA7=="="c:\docume~1\Tom\LOCALS~1\Temp\system.exe" [bU] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-01 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-14 30248] "hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-24 618496] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] "nNkmzK0WEAA7=="="c:\docume~1\Tom\LOCALS~1\Temp\system.exe" [bU] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2009-03-08 128512] c:\documents and settings\Tom\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-8-19 503808] c:\documents and settings\All Users\Start Menu\Programs\Startup\ WM-Desktop-Alert.lnk - c:\program files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe [2008-12-26 370176] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, 
msnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Pidgin\\pidgin.exe"= R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2008 9:54 AM 38144] R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [10/22/2010 10:06 AM 91456] R3 RTL8187B;Airlink101 802.11g USB 2.0 Adapter;c:\windows\system32\drivers\RTL8187B.sys [10/14/2008 7:21 AM 238208] S0 kcdwnloe;kcdwnloe; [x] S1 cvmacii;cvmacii;c:\windows\system32\drivers\cvmacii.sys [11/30/2007 6:13 PM 303904] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [10/22/2010 10:05 AM 6016] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/22/2010 10:05 AM 19968] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/22/2010 10:05 AM 8320] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [10/22/2010 10:05 AM 23424] S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [10/22/2010 10:05 AM 9472] S3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE [11/22/2005 11:30 AM 24576] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/13/2009 11:10 AM 717296] . 
Contents of the 'Scheduled Tasks' folder 2010-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1425521274-725345543-1003Core.job - c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 20:26] 2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1425521274-725345543-1003UA.job - c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 20:26] 2010-10-22 c:\windows\Tasks\Updater.job - d:\documents and settings\All Users\Application Data\Update\seupd.exe [2010-10-07 16:38] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = <local> FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\vj895qtp.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox FF - prefs.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s= FF - plugin: c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll ---- FIREFOX POLICIES ---- FF - user.js: browser.search.selectedEngine - Google FF - user.js: browser.search.order.1 - Google FF - user.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-10-22 15:34 Windows 5.1.2600 Service Pack 3, v.5938 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run HNUjHTguucinfo&p=[...] = c:\docume~1\Tom\LOCALS~1\Temp\system.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run HNUjHTguucinfo&p=[...] = c:\docume~1\Tom\LOCALS~1\Temp\system.exe ctfmon.exe = c:\windows\system32\ctfmon.exe scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HNUjHTguucinfo&p=[...]"="c:\\DOCUME~1\\Tom\\LOCALS~1\\Temp\\system.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HNUjHTguucinfo&p=[...]"="c:\\DOCUME~1\\Tom\\LOCALS~1\\Temp\\system.exe" . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(1220) c:\windows\system32\relog_ap.dll - - - - - - - > 'explorer.exe'(2136) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\system32\nvsvc32.exe c:\program files\Visioneer\OneTouch 4.0\OtService.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Motorola\MotoConnectService\MotoConnect.exe . ************************************************************************** . Completion time: 2010-10-22 15:38:20 - machine was rebooted ComboFix-quarantined-files.txt 2010-10-22 22:38 ComboFix2.txt 2010-10-21 23:45 ComboFix3.txt 2010-07-08 17:33 ComboFix4.txt 2010-06-24 22:45 Pre-Run: 42,704,646,144 bytes free Post-Run: 42,694,201,344 bytes free Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - D5096CB44227FE929C0F31EACD320487
  5. OK, I think I've fixed the winsock problem. I followed the steps I found here: http://www.syschat.com/how-fix-repair-wins...rrors-5459.html Is there anything else I need to do now? Thanks again!
  6. After doing some research, it appears as though I'd be able to fix the winsock.dll problem if I had the XP disc by using sfc /scannow. Unfortunately, I don't. I downloaded a new copy of winsock.dll and replaced the original one, but when I attempt to register it via regsvr32, I get the error that winsock.dll is not an executable file and no registration helper is registered for this file type. Is this something you can still help me with?? Oh and by the way, MBAM now runs fine and finds no infection =) So for that, thank you x 10000
  7. Hi LDTate, Well, I was able to delete those files and run ComboFix, and it seems to have cleared it up. The only problem now is that I somehow lost network functionality; neither wireless nor wired connections work. So I'm currently using my phone (hahah) as a thumb drive to bring over this ComboFix log and go from there. The other thing is that upon startup I am getting multiple (12 to 15) Bad Image errors with the message "The application or DLL C:\Windows\system32\winsock.dll is not a valid Windows image". What's next? ComboFix 10-10-20.04 - Tom 10/21/2010 16:26:34.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.648 [GMT -7:00] Running from: c:\combofix\ComboFix.exe Command switches used :: ComboFix AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\.wtav c:\documents and settings\Tom\Application Data\SystemProc c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf c:\program files\Mozilla Firefox\searchplugins\google_search.xml c:\windows\avp32.exe c:\windows\csrss.exe c:\windows\debug.exe c:\windows\install.exe c:\windows\mdm.exe c:\windows\svchost.exe c:\windows\sysedit.exe c:\windows\system32\certstore.dat c:\windows\System32\drivers\vbma4f28.sys c:\windows\Tasks\At1.job c:\windows\Tasks\At10.job c:\windows\Tasks\At11.job c:\windows\Tasks\At12.job c:\windows\Tasks\At13.job c:\windows\Tasks\At14.job c:\windows\Tasks\At15.job c:\windows\Tasks\At16.job c:\windows\Tasks\At17.job c:\windows\Tasks\At18.job c:\windows\Tasks\At19.job c:\windows\Tasks\At2.job c:\windows\Tasks\At20.job 
c:\windows\Tasks\At21.job c:\windows\Tasks\At22.job c:\windows\Tasks\At23.job c:\windows\Tasks\At24.job c:\windows\Tasks\At3.job c:\windows\Tasks\At4.job c:\windows\Tasks\At5.job c:\windows\Tasks\At6.job c:\windows\Tasks\At7.job c:\windows\Tasks\At8.job c:\windows\Tasks\At9.job Infected copy of c:\windows\system32\drivers\fips.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6TO4 -------\Legacy_USERINIT -------\Service_6to4 -------\Service_userinit -------\Service_vbma4f28 ((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 ))))))))))))))))))))))))))))))) . 2010-10-21 23:39 . 2010-10-21 23:39 -------- d-sh--w- c:\documents and settings\Temporary Internet Files\Content.IE5 2010-10-20 19:31 . 2010-10-20 19:31 -------- d-----w- c:\program files\ESET 2010-10-19 22:30 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-19 22:30 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-19 20:18 . 2010-10-19 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro 2010-10-19 20:18 . 2010-10-19 20:18 -------- d-----w- c:\program files\Trend Micro 2010-10-19 17:46 . 2010-10-19 18:41 -------- d-----w- C:\Combo-Fix 2010-10-18 23:06 . 2010-10-18 23:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-10-15 18:59 . 2010-10-15 19:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-10-14 22:00 . 2010-10-14 22:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-10-11 21:54 . 2010-10-11 21:54 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7} 2010-09-29 19:13 . 
2010-10-15 20:32 -------- d-----w- c:\documents and settings\Tom\Application Data\Delicious IE Extension 2010-09-29 19:12 . 2010-09-29 19:13 -------- d-----w- c:\program files\Delicious Add-on for Internet Explorer 2010-09-22 19:12 . 2010-09-22 19:13 -------- d-----w- c:\documents and settings\Tom\Application Data\gtk-2.0 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-10 00:10 . 2007-11-10 00:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-11-10 00:10 . 2007-11-10 00:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-11-10 00:10 . 2007-11-10 00:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2007-11-10 00:10 . 2007-11-10 00:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-11-10 00:10 . 2007-11-10 00:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2007-11-10 00:10 . 2007-11-10 00:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-11-10 00:10 . 2007-11-10 00:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll 2007-11-10 00:11 . 2007-11-10 00:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-11-10 00:11 . 2007-11-10 00:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll . ((((((((((((((((((((((((((((( SnapShot_2010-07-08_17.29.18 ))))))))))))))))))))))))))))))))))))))))) . + 2005-06-24 14:03 . 2005-06-24 14:03 65536 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KMTIGSN.dll + 2005-06-24 14:03 . 2005-06-24 14:03 53248 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KMTIGPN.dll + 2005-06-24 14:03 . 2005-06-24 14:03 49152 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KMTIGBD.dll + 2005-06-24 14:03 . 2005-06-24 14:03 98304 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KMTIGBC.dll + 2005-06-24 14:03 . 
2005-06-24 14:03 65536 c:\windows\system32\spool\drivers\w32x86\3\KMTIGSN.dll + 2005-06-24 14:03 . 2005-06-24 14:03 53248 c:\windows\system32\spool\drivers\w32x86\3\KMTIGPN.dll + 2005-06-24 14:03 . 2005-06-24 14:03 49152 c:\windows\system32\spool\drivers\w32x86\3\KMTIGBD.dll + 2005-06-24 14:03 . 2005-06-24 14:03 98304 c:\windows\system32\spool\drivers\w32x86\3\KMTIGBC.dll - 2009-02-11 15:01 . 2007-07-13 16:10 68608 c:\windows\system32\spool\drivers\w32x86\3\BRLCH06A.DLL + 2009-02-11 15:01 . 2007-07-14 08:10 68608 c:\windows\system32\spool\drivers\w32x86\3\BRLCH06A.DLL + 2009-02-11 15:01 . 2008-03-20 08:00 47672 c:\windows\system32\spool\drivers\w32x86\3\BRFCH06A.EXE - 2009-02-11 15:01 . 2008-03-19 16:00 47672 c:\windows\system32\spool\drivers\w32x86\3\BRFCH06A.EXE + 2005-06-24 14:03 . 2005-06-24 14:03 65536 c:\windows\system32\KMTIGSN.dll + 2005-06-24 14:03 . 2005-06-24 14:03 49152 c:\windows\system32\KMTIGBD.dll + 2005-06-24 14:03 . 2005-06-24 14:03 98304 c:\windows\system32\KMTIGBC.dll + 2010-07-21 23:33 . 2010-10-21 22:48 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2010-07-21 23:33 . 2010-10-21 22:48 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2010-10-19 17:07 . 2010-10-19 17:07 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT + 2010-07-21 23:33 . 2010-10-21 22:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-05-24 01:02 . 2010-07-14 10:08 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2008-05-24 01:02 . 2010-06-26 10:09 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2008-05-24 01:02 . 2010-07-14 10:08 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2008-05-24 01:02 . 
2010-06-26 10:09 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2008-05-24 01:02 . 2010-06-26 10:09 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2008-05-24 01:02 . 2010-07-14 10:08 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2008-11-04 10:09 . 2008-11-04 10:09 77200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\TWSTRUCT.DLL + 2008-11-04 10:09 . 2008-11-04 10:09 19840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\TWRECS.DLL + 2008-11-04 10:09 . 2008-11-04 10:09 51576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\TWRECE.DLL + 2008-11-04 10:09 . 2008-11-04 10:09 27520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\TWORIENT.DLL + 2008-11-04 10:09 . 2008-11-04 10:09 58224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\TWLAY32.DLL + 2008-11-04 10:09 . 2008-11-04 10:09 87928 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\TWCUTLIN.DLL + 2008-11-04 10:08 . 2008-11-04 10:08 30032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\THOCRAPI.DLL + 2009-04-02 19:02 . 2009-04-02 19:02 14720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SMARTTAGINSTALL.EXE + 2009-03-06 12:04 . 2009-03-06 12:04 33152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SETLANG.EXE + 2008-11-04 10:08 . 2008-11-04 10:08 19840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\REVERSE.DLL + 2009-03-06 11:04 . 2009-03-06 11:04 39464 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\REFIEBAR.DLL + 2008-11-04 10:29 . 
2008-11-04 10:29 39248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\REFEDIT.DLL + 2008-11-04 10:08 . 2008-11-04 10:08 77208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PSOM.DLL + 2009-04-02 19:02 . 2009-04-02 19:02 45968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OSETUPPS.DLL + 2009-04-02 19:02 . 2009-04-02 19:02 17792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OPHPROXY.DLL + 2009-04-02 19:02 . 2009-04-02 19:02 15760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OMUOPTINPS.DLL + 2009-03-06 11:23 . 2009-03-06 11:23 22432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OISCTRL.DLL + 2008-11-04 09:02 . 2008-11-04 09:02 54744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OFFRHD.DLL + 2009-03-06 11:04 . 2009-03-06 11:04 64872 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\NAME.DLL + 2009-04-02 19:01 . 2009-04-02 19:01 42864 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSSH.DLL + 2009-03-06 12:04 . 2009-03-06 12:04 19824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPGIMME.DLL + 2009-04-04 01:46 . 2009-04-04 01:46 34200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSOSTYLE.DLL + 2008-11-10 18:41 . 2008-11-10 18:41 67472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSONPUI.DLL + 2008-11-10 18:41 . 2008-11-10 18:41 32656 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSONPMON.DLL + 2008-11-04 10:49 . 2008-11-04 10:49 66424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSOMSE.DLL + 2008-11-10 17:50 . 
2008-11-10 17:50 68472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSOHTMED.EXE + 2008-11-10 17:50 . 2008-11-10 17:50 76664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSOHEV.DLL + 2008-11-10 18:38 . 2008-11-10 18:38 27000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSOEURO.DLL + 2008-11-04 06:39 . 2008-11-04 06:39 14728 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSOCFU.DLL + 2009-04-02 19:01 . 2009-04-02 19:01 18816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSMH.DLL + 2009-03-06 12:10 . 2009-03-06 12:10 47472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSE7.EXE + 2008-10-26 13:26 . 2008-10-26 13:26 66944 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSAEXP30.DLL + 2008-10-25 13:18 . 2008-10-25 13:18 89464 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\METCONV.DLL + 2008-11-04 10:30 . 2008-11-04 10:30 65384 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MDIUI.DLL + 2008-11-04 10:30 . 2008-11-04 10:30 30568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MDIMON.DLL + 2009-03-06 11:26 . 2009-03-06 11:26 65400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\INLAUNCH.DLL + 2008-11-04 09:09 . 2008-11-04 09:09 33640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVESYSTEMMODE.DLL + 2008-10-25 18:44 . 2008-10-25 18:44 16752 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVESTDURLLAUNCHER.EXE + 2008-10-25 18:44 . 2008-10-25 18:44 22872 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVENEW.DLL + 2008-10-25 18:44 . 
2008-10-25 18:44 31072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEMONITOR.EXE + 2008-10-25 18:44 . 2008-10-25 18:44 33632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVECLEAN.EXE + 2008-10-25 18:44 . 2008-10-25 18:44 16224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEAUTOPROXY.DLL + 2008-10-25 18:44 . 2008-10-25 18:44 65888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEAUDITSERVICE.EXE + 2008-11-04 10:08 . 2008-11-04 10:08 76152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\FORM.DLL + 2009-04-02 19:01 . 2009-04-02 19:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EXP_XPS.DLL + 2009-04-04 01:46 . 2009-04-04 01:46 97640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EXP_PDF.DLL + 2008-10-26 12:42 . 2008-10-26 12:42 65376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\COLLIMP.DLL + 2008-10-25 13:18 . 2008-10-25 13:18 54152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\AUTHZAX.DLL + 2009-03-06 09:48 . 2009-03-06 09:48 55152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACERCLR.DLL + 2008-10-25 12:31 . 2008-10-25 12:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEODTXT.DLL + 2008-10-25 12:31 . 2008-10-25 12:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEODPDX.DLL + 2008-10-25 12:31 . 2008-10-25 12:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEODEXL.DLL + 2008-10-25 12:31 . 
2008-10-25 12:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEODDBS.DLL + 2009-03-06 09:47 . 2009-03-06 09:47 47008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEERR.DLL + 2008-11-21 09:02 . 2008-11-21 09:02 94592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACCOLK.DLL + 2010-08-03 10:00 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2286198\update\spcustom.dll + 2010-08-03 10:00 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2286198\spmsg.dll + 2010-07-14 10:13 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll + 2010-07-14 10:13 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2229593\spmsg.dll + 2010-09-15 18:28 . 2001-08-18 05:36 8192 c:\windows\system32\kbdkor.dll + 2010-09-15 18:28 . 2001-08-18 05:36 8704 c:\windows\system32\kbdjpn.dll + 2010-09-15 18:28 . 2007-12-01 07:22 6144 c:\windows\system32\kbd106.dll + 2010-09-15 18:28 . 2001-08-17 21:55 5632 c:\windows\system32\kbd103.dll + 2010-09-15 18:28 . 2001-08-17 21:55 6144 c:\windows\system32\kbd101c.dll + 2010-09-15 18:28 . 2001-08-17 21:55 6144 c:\windows\system32\kbd101b.dll + 2010-09-15 18:28 . 2001-08-18 05:36 8192 c:\windows\system32\dllcache\kbdkor.dll + 2010-09-15 18:28 . 2001-08-18 05:36 8704 c:\windows\system32\dllcache\kbdjpn.dll + 2010-09-15 18:28 . 2007-12-01 07:22 6144 c:\windows\system32\dllcache\kbd106.dll + 2010-09-15 18:28 . 2001-08-17 21:55 5632 c:\windows\system32\dllcache\kbd103.dll + 2010-09-15 18:28 . 2001-08-17 21:55 6144 c:\windows\system32\dllcache\kbd101c.dll + 2010-09-15 18:28 . 2001-08-17 21:55 6144 c:\windows\system32\dllcache\kbd101b.dll + 2009-03-11 05:18 . 2009-03-11 05:18 934792 c:\windows\system32\WgaTray.exe + 2009-03-11 05:18 . 2009-03-11 05:18 239496 c:\windows\system32\WgaLogon.dll + 2007-12-01 07:26 . 2009-03-08 12:33 420352 c:\windows\system32\vbscript.dll - 2007-12-01 07:26 . 
2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll + 2005-06-24 14:03 . 2005-06-24 14:03 188472 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KTIGXG2.dll + 2005-06-24 14:03 . 2005-06-24 14:03 540727 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KTIG6G2.dll + 2005-06-24 14:03 . 2005-06-24 14:03 213048 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KTIG5G2.dll + 2005-06-24 14:03 . 2005-06-24 14:03 188472 c:\windows\system32\spool\drivers\w32x86\3\KTIGXG2.dll + 2005-06-24 14:03 . 2005-06-24 14:03 540727 c:\windows\system32\spool\drivers\w32x86\3\KTIG6G2.dll + 2005-06-24 14:03 . 2005-06-24 14:03 213048 c:\windows\system32\spool\drivers\w32x86\3\KTIG5G2.dll - 2009-02-11 15:01 . 2008-06-22 16:12 698633 c:\windows\system32\spool\drivers\w32x86\3\BROCH06A.DLL + 2009-02-11 15:01 . 2008-06-23 08:12 698633 c:\windows\system32\spool\drivers\w32x86\3\BROCH06A.DLL + 2009-08-03 22:07 . 2009-08-03 22:07 230768 c:\windows\system32\OGAEXEC1.exe + 2009-08-03 22:07 . 2009-08-03 22:07 403816 c:\windows\system32\OGACheckControl1.dll + 2009-08-03 22:07 . 2009-08-03 22:07 322928 c:\windows\system32\OGAAddin1.dll + 2007-12-01 07:25 . 2009-03-08 12:32 611840 c:\windows\system32\mstime.dll - 2007-12-01 07:25 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll + 2007-12-01 07:24 . 2009-02-09 12:10 281568 c:\windows\system32\msojlxpn.dll + 2010-09-20 17:34 . 2010-09-20 17:35 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe + 2010-09-20 17:34 . 2010-09-20 17:35 311760 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.dll + 2007-12-01 07:25 . 2009-03-08 12:33 726528 c:\windows\system32\jscript.dll - 2007-12-01 07:25 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll + 2007-12-01 01:13 . 2007-12-01 01:13 303904 c:\windows\system32\drivers\cvmacii.sys + 2009-03-11 05:18 . 2009-03-11 05:18 934792 c:\windows\system32\dllcache\WgaTray.exe + 2009-03-11 05:18 . 
2009-03-11 05:18 239496 c:\windows\system32\dllcache\wgaLogon.dll + 2007-12-01 07:26 . 2009-03-08 12:33 420352 c:\windows\system32\dllcache\vbscript.dll - 2007-12-01 07:26 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll + 2007-12-01 07:25 . 2009-03-08 12:32 611840 c:\windows\system32\dllcache\mstime.dll - 2007-12-01 07:25 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll - 2007-12-01 07:25 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll + 2007-12-01 07:25 . 2009-03-08 12:33 726528 c:\windows\system32\dllcache\jscript.dll - 2008-05-23 23:21 . 2007-12-01 07:26 744448 c:\windows\system32\dllcache\helpsvc.exe + 2008-05-23 23:21 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe - 2008-05-23 23:21 . 2007-12-01 07:26 744448 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe + 2008-05-23 23:21 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe + 2010-09-22 20:43 . 2010-09-22 20:43 807936 c:\windows\Installer\24cf0195.msi + 2008-05-24 01:02 . 2010-07-14 10:08 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2008-05-24 01:02 . 2010-06-26 10:09 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2008-05-24 01:02 . 2010-07-14 10:08 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2008-05-24 01:02 . 2010-06-26 10:09 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2008-05-24 01:02 . 2010-06-26 10:09 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2008-05-24 01:02 . 2010-07-14 10:08 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2008-05-24 01:02 . 2010-07-14 10:08 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe - 2008-05-24 01:02 . 2010-06-26 10:09 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe - 2008-05-24 01:02 . 
2010-06-26 10:09 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2008-05-24 01:02 . 2010-07-14 10:08 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2008-05-24 01:02 . 2010-07-14 10:08 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2008-05-24 01:02 . 2010-06-26 10:09 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2008-05-24 01:02 . 2010-07-14 10:08 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe - 2008-05-24 01:02 . 2010-06-26 10:09 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2008-11-04 10:09 . 2008-11-04 10:09 532872 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\XPAGE3C.DLL + 2009-04-04 00:57 . 2009-04-04 00:57 509256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WRD12CVR.DLL + 2008-11-04 10:09 . 2008-11-04 10:09 127360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\TWCUTCHR.DLL + 2009-03-06 09:37 . 2009-03-06 09:37 501640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SOA.DLL + 2009-04-02 20:06 . 2009-04-02 20:06 439160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SETUP.EXE + 2008-10-25 13:19 . 2008-10-25 13:19 503688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SELFCERT.EXE + 2009-04-02 21:35 . 2009-04-02 21:35 368520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPSLAX.DLL + 2008-10-26 12:42 . 2008-10-26 12:42 482656 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PORTCONN.DLL + 2009-03-06 12:17 . 2009-03-06 12:17 101232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OSA.EXE + 2008-11-04 10:34 . 
2008-11-04 10:34 540072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ORGCHART.EXE + 2008-11-04 10:04 . 2008-11-04 10:04 783288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONSYNCPC.DLL + 2008-11-04 08:24 . 2008-11-04 08:24 285576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OISGRAPH.DLL + 2008-11-04 08:24 . 2008-11-04 08:24 998784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OISAPP.DLL + 2008-11-04 08:24 . 2008-11-04 08:24 274808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OIS.EXE + 2008-03-19 13:27 . 2008-03-19 13:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OGALEGIT.DLL + 2009-04-02 20:06 . 2009-04-02 20:06 231848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ODEPLOY.EXE + 2009-03-06 12:16 . 2009-03-06 12:16 538968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSTORES.DLL + 2009-03-06 12:16 . 2009-03-06 12:16 144728 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSTORE.EXE + 2009-03-06 12:16 . 2009-03-06 12:16 832344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSTORDB.EXE + 2008-10-25 05:21 . 2008-10-25 05:21 505192 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSSOAP30.DLL + 2009-03-06 12:05 . 2009-03-06 12:05 671072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSQRY32.EXE + 2009-03-06 12:04 . 2009-03-06 12:04 436096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPVIEW.EXE + 2009-03-06 12:04 . 2009-03-06 12:04 154520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPSCAN.EXE + 2008-11-21 06:42 . 
2008-11-21 06:42 732504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPROOF6.DLL + 2008-11-10 18:35 . 2008-11-10 18:35 773000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPFILT.DLL + 2008-10-25 05:50 . 2008-10-25 05:50 436584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSORUN.DLL + 2008-11-10 18:41 . 2008-11-10 18:41 864144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSONPDRV.DLL + 2009-03-06 11:04 . 2009-03-06 11:04 427848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSODCW.DLL + 2009-03-06 10:31 . 2009-03-06 10:31 160616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSOCF.DLL + 2008-11-04 11:13 . 2008-11-04 11:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSCONV97.DLL + 2008-10-25 20:39 . 2008-10-25 20:39 290632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSCDM.DLL + 2008-11-04 10:49 . 2008-11-04 10:49 460680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MODHELP.DLL + 2008-11-04 10:49 . 2008-11-04 10:49 829280 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MEDCAT.DLL + 2009-02-14 12:40 . 2009-02-14 12:40 524696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MDIVWCTL.DLL + 2008-11-04 10:30 . 2008-11-04 10:30 274832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MDIINK.DLL + 2008-11-10 18:35 . 2008-11-10 18:35 793448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MDIGRAPH.DLL + 2009-04-02 19:01 . 2009-04-02 19:01 177520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IETAG.DLL + 2008-10-25 13:18 . 
2008-10-25 13:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IEAWSDC.DLL + 2009-02-14 13:04 . 2009-02-14 13:04 625520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBSERVICES.DLL + 2009-02-12 22:19 . 2009-02-12 22:19 688512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBPLATFORMSERVICES.DLL + 2009-02-14 13:04 . 2009-02-14 13:04 265592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBBROWSERTOOL2.DLL + 2009-03-06 11:33 . 2009-03-06 11:33 961888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEUTIL.DLL + 2009-02-12 22:19 . 2009-02-12 22:19 178040 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVESYSTEMSERVICES.DLL + 2009-02-12 22:19 . 2009-02-12 22:19 361328 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVESKETCHTOOL.DLL + 2009-02-12 22:19 . 2009-02-12 22:19 222072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEPROJECTTOOLSET.DLL + 2008-10-25 18:44 . 2008-10-25 18:44 317800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEMIGRATOR.EXE + 2008-10-25 18:44 . 2008-10-25 18:44 197464 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEGAMES.DLL + 2009-02-14 13:03 . 2009-02-14 13:03 283496 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEFETCHSERVICES.DLL + 2008-10-25 18:44 . 2008-10-25 18:44 376176 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEDATAVIEWERTOOL.DLL + 2009-02-14 13:03 . 2009-02-14 13:03 765792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVECOMPONENTMGR.DLL + 2009-02-14 13:03 . 
2009-02-14 13:03 115592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL + 2009-02-14 13:03 . 2009-02-14 13:03 298336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVECALENDARTOOL.DLL + 2009-02-14 13:03 . 2009-02-14 13:03 281944 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEAUDIO.DLL + 2009-02-14 13:03 . 2009-02-14 13:03 337264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVE.EXE + 2008-11-25 05:17 . 2008-11-25 05:17 983944 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\FPWEC.DLL + 2008-11-04 08:44 . 2008-11-04 08:44 435096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DWTRIG20.EXE + 2008-11-04 08:44 . 2008-11-04 08:44 439632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DWDCW20.DLL + 2009-03-06 11:04 . 2009-03-06 11:04 105856 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DSSM.EXE + 2009-02-12 22:19 . 2009-02-12 22:19 233832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DRAT.EXE + 2008-11-21 07:02 . 2008-11-21 07:02 189816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\CONTACTPICKER.DLL + 2008-11-04 10:47 . 2008-11-04 10:47 205680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\CLVIEW.EXE + 2008-11-04 11:21 . 2008-11-04 11:21 400208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\CDLMSO.DLL + 2009-03-06 09:48 . 2009-03-06 09:48 370608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEXBE.DLL + 2008-11-04 11:06 . 
2008-11-04 11:06 208816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEWSS.DLL + 2009-03-06 09:48 . 2009-03-06 09:48 223152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACETXT.DLL + 2009-03-06 09:48 . 2009-03-06 09:48 550840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEREP.DLL + 2009-03-06 09:48 . 2009-03-06 09:48 288688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACER3X.DLL + 2009-03-06 09:48 . 2009-03-06 09:48 255920 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACER2X.DLL + 2009-03-06 09:48 . 2009-03-06 09:48 391096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEPDE.DLL + 2009-03-06 09:48 . 2009-03-06 09:48 387000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEOLEDB.DLL + 2009-03-06 09:48 . 2009-03-06 09:48 278912 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEODBC.DLL + 2009-03-06 09:48 . 2009-03-06 09:48 206776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACELTS.DLL + 2009-03-06 09:48 . 2009-03-06 09:48 628656 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEEXCL.DLL + 2009-03-06 09:48 . 2009-03-06 09:48 337832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEEXCH.DLL + 2009-03-06 09:47 . 2009-03-06 09:47 190400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEES.DLL + 2009-03-06 09:47 . 2009-03-06 09:47 575416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEDAO.DLL + 2008-10-26 13:26 . 2008-10-26 13:26 162680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACCWIZ.DLL + 2009-03-06 09:47 . 
2009-03-06 09:47 575416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACACEDAO.DLL + 2010-08-03 10:00 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll + 2010-08-03 10:00 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe + 2010-07-14 10:13 . 2010-02-23 02:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll + 2010-07-14 10:13 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe + 2010-07-14 10:13 . 2007-12-01 07:26 744448 c:\windows\$NtUninstallKB2229593$\helpsvc.exe + 2010-08-03 10:00 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2286198\update\updspapi.dll + 2010-08-03 10:00 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2286198\update\update.exe + 2010-08-03 10:00 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2286198\spuninst.exe + 2010-07-14 10:13 . 2010-02-23 02:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll + 2010-07-14 10:13 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2229593\update\update.exe + 2010-07-14 10:13 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2229593\spuninst.exe + 2010-07-14 06:29 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe + 2005-06-24 14:03 . 2005-06-24 14:03 1359927 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KTIG6U2.dll + 2005-06-24 14:03 . 2005-06-24 14:03 2273335 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KTIG6T2.dll + 2005-06-24 14:03 . 2005-06-24 14:03 1359927 c:\windows\system32\spool\drivers\w32x86\3\KTIG6U2.dll + 2005-06-24 14:03 . 2005-06-24 14:03 2273335 c:\windows\system32\spool\drivers\w32x86\3\KTIG6T2.dll + 2009-02-11 15:01 . 2008-06-23 08:12 1671878 c:\windows\system32\spool\drivers\w32x86\3\BRUCH06A.DLL - 2009-02-11 15:01 . 2008-06-22 16:12 1671878 c:\windows\system32\spool\drivers\w32x86\3\BRUCH06A.DLL - 2009-02-11 15:01 . 
2007-07-13 16:10 1197568 c:\windows\system32\spool\drivers\w32x86\3\B2BCH06A.DLL + 2009-02-11 15:01 . 2007-07-14 08:10 1197568 c:\windows\system32\spool\drivers\w32x86\3\B2BCH06A.DLL + 2009-02-11 15:01 . 2007-07-14 08:10 1197568 c:\windows\system32\spool\drivers\w32x86\3\B1BCH06A.DLL - 2009-02-11 15:01 . 2007-07-13 16:10 1197568 c:\windows\system32\spool\drivers\w32x86\3\B1BCH06A.DLL + 2007-12-01 07:25 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll + 2009-11-23 20:18 . 2010-08-03 16:28 1693388 c:\windows\system32\Restore\rstrlog.dat + 2008-03-21 01:06 . 2009-03-11 05:18 1482112 c:\windows\system32\LegitCheckControl.dll + 2008-05-23 16:15 . 2010-07-13 17:10 1463736 c:\windows\system32\FNTCACHE.DAT + 2007-12-01 07:25 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll + 2010-05-21 02:57 . 2010-05-21 02:57 4989952 c:\windows\Installer\39edfb0.msp + 2010-05-21 02:57 . 2010-05-21 02:57 5907456 c:\windows\Installer\39edfaf.msp + 2010-06-11 18:03 . 2010-06-11 18:03 5021184 c:\windows\Installer\39edf8f.msp + 2010-09-22 20:46 . 2010-09-22 20:46 9472000 c:\windows\Installer\24cf043b.msi + 2008-05-24 01:02 . 2010-07-14 10:08 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2008-05-24 01:02 . 2010-06-26 10:09 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2008-05-24 01:02 . 2010-06-26 10:09 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2008-05-24 01:02 . 2010-07-14 10:08 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2008-11-04 10:09 . 2008-11-04 10:09 1196944 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\XIMAGE3B.DLL + 2009-03-06 10:01 . 2009-03-06 10:01 2335648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\STSLIST.DLL + 2008-11-10 09:41 . 
2008-11-10 09:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTVIEW.EXE + 2009-04-02 20:07 . 2009-04-02 20:07 6540120 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OSETUP.DLL + 2009-03-06 11:55 . 2009-03-06 11:55 7036800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OFFOWC.DLL + 2009-04-04 01:21 . 2009-04-04 01:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OARTCONV.DLL + 2008-10-25 06:45 . 2008-10-25 06:45 1518504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\NLSD0000.DLL + 2008-11-10 18:35 . 2008-11-10 18:35 1058200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPCORE.DLL + 2009-04-02 19:01 . 2009-04-02 19:01 6637936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSORES.DLL + 2009-02-14 13:04 . 2009-02-14 13:04 1394544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEUIFRAMEWORK.DLL + 2009-02-14 13:03 . 2009-02-14 13:03 4746608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVETRANSCEIVER.DLL + 2009-02-14 13:03 . 2009-02-14 13:03 1161568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVETEXTTOOLS.DLL + 2009-02-14 13:03 . 2009-02-14 13:03 2736992 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVESTORAGEMGR.DLL + 2009-02-12 22:19 . 2009-02-12 22:19 2217848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVESHELLEXTENSIONS.DLL + 2009-02-14 13:03 . 2009-02-14 13:03 7051624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVERESOURCE.DLL + 2009-02-12 22:19 . 
2009-02-12 22:19 1560928 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEMISC.DLL + 2009-02-14 13:03 . 2009-02-14 13:03 3070832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEDOCUMENTSHARETOOL.DLL + 2008-11-04 09:09 . 2008-11-04 09:09 1360736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVECRYPTO.DLL + 2009-02-14 13:03 . 2009-02-14 13:03 3494280 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVECOMMUNICATIONSSERVICES.DLL + 2009-02-14 13:03 . 2009-02-14 13:03 2687336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVECOMMONCOMPONENTS.DLL + 2009-02-14 13:03 . 2009-02-14 13:03 6198112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEACCOUNTMGR.DLL + 2009-04-03 04:44 . 2009-04-03 04:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GRAPH.EXE + 2008-10-25 10:38 . 2008-10-25 10:38 1682800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\FPSRVUTL.DLL + 2009-03-06 09:47 . 2009-03-06 09:47 1759136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACECORE.DLL + 2010-08-03 10:00 . 2008-06-17 19:02 8461312 c:\windows\$NtUninstallKB2286198$\shell32.dll + 2010-07-27 06:28 . 2010-07-27 06:28 8463360 c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll + 2008-05-24 00:16 . 2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe + 2010-05-21 02:58 . 2010-05-21 02:58 12114432 c:\windows\Installer\39edf78.msp + 2009-04-04 01:21 . 2009-04-04 01:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OART.DLL + 2009-03-06 09:37 . 2009-03-06 09:37 10222432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSACCESS.EXE . 
-- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-15 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-14 30248] "hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-24 618496] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2009-03-08 128512] c:\documents and settings\Tom\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-8-19 503808] c:\documents and settings\All Users\Start Menu\Programs\Startup\ WM-Desktop-Alert.lnk - c:\program files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe [2008-12-26 370176] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Pidgin\\pidgin.exe"= R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2008 9:54 AM 38144] R3 RTL8187B;Airlink101 802.11g USB 2.0 Adapter;c:\windows\system32\drivers\RTL8187B.sys [10/14/2008 7:21 AM 238208] S0 kcdwnloe;kcdwnloe; [x] S1 aAAAAAa;aAAAAAa;c:\windows\system32\drivers\aAAAAAa.sys --> c:\windows\system32\drivers\aAAAAAa.sys [?] S1 cvmacii;cvmacii;c:\windows\system32\drivers\cvmacii.sys [11/30/2007 6:13 PM 303904] S3 5DE6C4AB;5DE6C4AB; [x] S3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE [11/22/2005 11:30 AM 24576] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/13/2009 11:10 AM 717296] . Contents of the 'Scheduled Tasks' folder 2010-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1425521274-725345543-1003Core.job - c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 20:26] 2010-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1425521274-725345543-1003UA.job - c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 20:26] 2010-10-21 c:\windows\Tasks\Updater.job - d:\documents and settings\All Users\Application Data\Update\seupd.exe [2010-10-07 16:38] . . ------- Supplementary Scan ------- . 
uInternet Settings,ProxyOverride = <local> IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: winsock.dll FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\vj895qtp.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox FF - prefs.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s= FF - plugin: c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll FF - HiddenExtension: XULRunner: {60936386-F8F0-497F-9CB8-B5B399B0E4E7} - c:\documents and settings\Tom\Local Settings\Application 
Data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7} ---- FIREFOX POLICIES ---- FF - user.js: browser.search.selectedEngine - Google FF - user.js: browser.search.order.1 - Google FF - user.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - BHO-{D6BA40A1-A502-59BD-F413-04B03A2C8953} - c:\windows\system32\pwvrpzgte.dll HKCU-Run-nNkmzK0WEAA7== - c:\docume~1\Tom\LOCALS~1\Temp\system.exe HKCU-Run-HNUjHTgN2zc\Tom\LOCALS~1\Temp\2799445640.exe - c:\docume~1\Tom\LOCALS~1\Temp\2799445640.exe HKCU-Run-HNUjHTgO2x1\Tom\LOCALS~1\Temp\593788024.exe - c:\docume~1\Tom\LOCALS~1\Temp\593788024.exe HKCU-Run-MKetc - c:\windows\sysedit.exe HKCU-Run-MKaoc - c:\windows\debug.exe HKCU-Run-MKese - c:\windows\svchost.exe HKCU-Run-MKZSc - c:\windows\avp32.exe HKCU-Run-MKayc - c:\windows\csrss.exe HKCU-Run-MKbta - c:\windows\install.exe HKCU-Run-MKcZ - c:\windows\mdm.exe HKLM-Run-nNkmzK0WEAA7== - c:\docume~1\Tom\LOCALS~1\Temp\system.exe HKLM-Run-HNUjHTgN2zc\Tom\LOCALS~1\Temp\2799445640.exe - c:\docume~1\Tom\LOCALS~1\Temp\2799445640.exe HKLM-Run-HNUjHTgO2x1\Tom\LOCALS~1\Temp\593788024.exe - c:\docume~1\Tom\LOCALS~1\Temp\593788024.exe HKLM-Run-MKetc - c:\windows\sysedit.exe HKLM-Run-MKaoc - c:\windows\debug.exe HKLM-Run-MKese - c:\windows\svchost.exe HKLM-Run-MKZSc - c:\windows\avp32.exe HKLM-Run-MKayc - c:\windows\csrss.exe HKLM-Run-MKbta - c:\windows\install.exe HKLM-Run-MKcZ - c:\windows\mdm.exe SharedTaskScheduler-{D6BA40A1-A502-59BD-F413-04B03A2C8953} - c:\windows\system32\pwvrpzgte.dll SafeBoot-cvmacii ActiveSetup-{8CD620CB-E463-446F-A79C-F2DA6C90C382} - c:\documents and settings\Tom\Application Data\Bitrix Security\xaukvmm60.dll 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HNUjHTguucinfo&p=[base64 data removed]"="c:\\DOCUME~1\\Tom\\LOCALS~1\\Temp\\system.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HNUjHTguucinfo&p=[base64 data removed]"="c:\\DOCUME~1\\Tom\\LOCALS~1\\Temp\\system.exe" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(1060) c:\windows\system32\relog_ap.dll - - - - - - - > 'explorer.exe'(3864) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\system32\nvsvc32.exe c:\program files\Visioneer\OneTouch 4.0\OtService.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Java\Java Update\jucheck.exe . ************************************************************************** . Completion time: 2010-10-21 16:45:38 - machine was rebooted ComboFix-quarantined-files.txt 2010-10-21 23:45 ComboFix2.txt 2010-07-08 17:33 ComboFix3.txt 2010-06-24 22:45 Pre-Run: 42,430,058,496 bytes free Post-Run: 42,898,030,592 bytes free Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 5F5FFA001F0C75B910C5323F62174E95
  8. Alright I deleted those files and folder, restarted and did a new DDS scan.. I tried hijackthis but it is still acting the same DDS (Ver_10-10-10.03) - NTFSx86 Run by Tom at 15:53:42.53 on Thu 10/21/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.482 [GMT -7:00] AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE "\\.\globalroot\Device\svchost.exe\svchost.exe" C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\sysedit.exe C:\WINDOWS\debug.exe "C:\WINDOWS\svchost.exe" C:\WINDOWS\avp32.exe C:\WINDOWS\install.exe C:\WINDOWS\mdm.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\sysedit.exe C:\WINDOWS\debug.exe "C:\WINDOWS\svchost.exe" C:\WINDOWS\avp32.exe C:\WINDOWS\install.exe C:\WINDOWS\mdm.exe C:\Program Files\WhiskeyMilitia\Desktop 
Alert\WM-Desktop-Alert.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Tom\Desktop\dds.scr ============== Pseudo HJT Report =============== uInternet Settings,ProxyOverride = <local> BHO: c:\windows\system32\pwvrpzgte.dll: {d6ba40a1-a502-59bd-f413-04b03a2c8953} - c:\windows\system32\pwvrpzgte.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Google Update] "c:\documents and settings\tom\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [HNUjHTgph] c:\docume~1\tom\locals~1\temp\setup.exe uRun: [HNUjHTgruf] c:\docume~1\tom\locals~1\temp\wininst.exe uRun: [HNUjHTgre] c:\docume~1\tom\locals~1\temp\smss.exe uRun: [HNUjHTgoe] c:\docume~1\tom\locals~1\temp\avp.exe uRun: [HNUjHTgrvg] c:\docume~1\tom\locals~1\temp\spoolsv.exe uRun: [HNUjHTgrsc] c:\docume~1\tom\locals~1\temp\winlogon.exe uRun: [HNUjHTgrA] c:\docume~1\tom\locals~1\temp\win16.exe uRun: [HNUjHTgta] c:\docume~1\tom\locals~1\temp\user.exe uRun: [HNUjHTgne] c:\docume~1\tom\locals~1\temp\mdm.exe uRun: [HNUjHTglb] c:\docume~1\tom\locals~1\temp\debug.exe uRun: [HNUjHTgmve] c:\docume~1\tom\locals~1\temp\hexdump.exe uRun: [HNUjHTgrrc] c:\docume~1\tom\locals~1\temp\winamp.exe uRun: [HNUjHTgpb] c:\docume~1\tom\locals~1\temp\login.exe uRun: [HNUjHTgoh] c:\docume~1\tom\locals~1\temp\csrss.exe uRun: [HNUjHTgob] c:\docume~1\tom\locals~1\temp\drweb.exe uRun: [HNUjHTgsfP] c:\docume~1\tom\locals~1\temp\nvsvc32.exe uRun: [HNUjHTgotd] c:\docume~1\tom\locals~1\temp\install.exe uRun: 
[HNUjHTgN2zc\Tom\LOCALS~1\Temp\2799445640.exe] c:\docume~1\tom\locals~1\temp\2799445640.exe uRun: [HNUjHTgosf] c:\docume~1\tom\locals~1\temp\taskmgr.exe uRun: [HNUjHTgnb] c:\docume~1\tom\locals~1\temp\cmd.exe uRun: [HNUjHTgupf] c:\docume~1\tom\locals~1\temp\sysedit.exe uRun: [HNUjHTgl/] c:\docume~1\tom\locals~1\temp\gdi32.exe uRun: [HNUjHTgmtd] c:\docume~1\tom\locals~1\temp\iexplarer.exe uRun: [HNUjHTgqd] c:\docume~1\tom\locals~1\temp\lsass.exe uRun: [HNUjHTgO2x1\Tom\LOCALS~1\Temp\593788024.exe] c:\docume~1\tom\locals~1\temp\593788024.exe uRun: [MKetc] c:\windows\sysedit.exe uRun: [MKaoc] c:\windows\debug.exe uRun: [MKese] c:\windows\svchost.exe uRun: [MKZSc] c:\windows\avp32.exe uRun: [MKayc] c:\windows\csrss.exe uRun: [MKbta] c:\windows\install.exe uRun: [MKcZ] c:\windows\mdm.exe uRun: [HNUjHTgoh.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] c:\docume~1\tom\locals~1\temp\csrss.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe" mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1 mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [HNUjHTgph] c:\docume~1\tom\locals~1\temp\setup.exe mRun: [HNUjHTgruf] c:\docume~1\tom\locals~1\temp\wininst.exe mRun: [HNUjHTgre] c:\docume~1\tom\locals~1\temp\smss.exe mRun: [HNUjHTgoe] c:\docume~1\tom\locals~1\temp\avp.exe mRun: [HNUjHTgrvg] c:\docume~1\tom\locals~1\temp\spoolsv.exe mRun: [HNUjHTgrsc] c:\docume~1\tom\locals~1\temp\winlogon.exe mRun: [HNUjHTgrA] 
c:\docume~1\tom\locals~1\temp\win16.exe mRun: [HNUjHTgta] c:\docume~1\tom\locals~1\temp\user.exe mRun: [HNUjHTgne] c:\docume~1\tom\locals~1\temp\mdm.exe mRun: [HNUjHTglb] c:\docume~1\tom\locals~1\temp\debug.exe mRun: [HNUjHTgmve] c:\docume~1\tom\locals~1\temp\hexdump.exe mRun: [HNUjHTgrrc] c:\docume~1\tom\locals~1\temp\winamp.exe mRun: [HNUjHTgpb] c:\docume~1\tom\locals~1\temp\login.exe mRun: [HNUjHTgoh] c:\docume~1\tom\locals~1\temp\csrss.exe mRun: [HNUjHTgob] c:\docume~1\tom\locals~1\temp\drweb.exe mRun: [HNUjHTgsfP] c:\docume~1\tom\locals~1\temp\nvsvc32.exe mRun: [HNUjHTgotd] c:\docume~1\tom\locals~1\temp\install.exe mRun: [HNUjHTgN2zc\Tom\LOCALS~1\Temp\2799445640.exe] c:\docume~1\tom\locals~1\temp\2799445640.exe mRun: [HNUjHTgosf] c:\docume~1\tom\locals~1\temp\taskmgr.exe mRun: [HNUjHTgnb] c:\docume~1\tom\locals~1\temp\cmd.exe mRun: [HNUjHTgupf] c:\docume~1\tom\locals~1\temp\sysedit.exe mRun: [HNUjHTgl/] c:\docume~1\tom\locals~1\temp\gdi32.exe mRun: [HNUjHTgmtd] c:\docume~1\tom\locals~1\temp\iexplarer.exe mRun: [HNUjHTgqd] c:\docume~1\tom\locals~1\temp\lsass.exe mRun: [HNUjHTgO2x1\Tom\LOCALS~1\Temp\593788024.exe] c:\docume~1\tom\locals~1\temp\593788024.exe mRun: [MKetc] c:\windows\sysedit.exe mRun: [MKaoc] c:\windows\debug.exe mRun: [MKese] c:\windows\svchost.exe mRun: [MKZSc] c:\windows\avp32.exe mRun: [MKayc] c:\windows\csrss.exe mRun: [MKbta] c:\windows\install.exe mRun: [MKcZ] c:\windows\mdm.exe mRun: [HNUjHTgoh.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] c:\docume~1\tom\locals~1\temp\csrss.exe dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\tom\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wm-des~1.lnk - c:\program files\whiskeymilitia\desktop alert\WM-Desktop-Alert.exe uPolicies-explorer: NoFolderOptions = 1 (0x1) uPolicies-system: DisableRegistryTools = 1 (0x1) 
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - 
c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: winsock.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211587291171 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259707250250 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll STS: c:\windows\system32\pwvrpzgte.dll: {d6ba40a1-a502-59bd-f413-04b03a2c8953} - c:\windows\system32\pwvrpzgte.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll LSA: Authentication Packages = msv1_0 relog_ap mASetup: {8CD620CB-E463-446F-A79C-F2DA6C90C382} - rundll32.exe "c:\documents and settings\tom\application data\bitrix security\xaukvmm60.dll", DllUnrer ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\vj895qtp.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: 
browser.startup.homepage - hxxp://www.google.com/firefox FF - prefs.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s= FF - plugin: c:\documents and settings\tom\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll FF - HiddenExtension: XULRunner: {60936386-F8F0-497F-9CB8-B5B399B0E4E7} - c:\documents and settings\tom\local settings\application data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7} FF - HiddenExtension: Firefox security: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: browser.search.selectedEngine - Google FF - user.js: browser.search.order.1 - Google FF - user.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); ============= SERVICES / DRIVERS =============== R1 cvmacii;cvmacii;c:\windows\system32\drivers\cvmacii.sys [2007-11-30 303904] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-10-9 38144] R3 RTL8187B;Airlink101 802.11g USB 2.0 Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-10-14 238208] S0 kcdwnloe;kcdwnloe; [x] S1 aAAAAAa;aAAAAAa;c:\windows\system32\drivers\aaaaaaa.sys --> c:\windows\system32\drivers\aAAAAAa.sys [?] 
S3 5DE6C4AB;5DE6C4AB; [x] S3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE [2005-11-22 24576] S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-11-16 550272] =============== Created Last 30 ================ 2010-10-21 20:42:56 -------- d-s---w- C:\ComboFix 2010-10-20 22:19:47 21636 ---h--w- c:\windows\mdm.exe 2010-10-20 22:19:46 21636 ---h--w- c:\windows\install.exe 2010-10-20 22:12:04 21636 ---h--w- c:\windows\svchost.exe 2010-10-20 22:12:04 21636 ---h--w- c:\windows\csrss.exe 2010-10-20 22:12:03 21636 ---h--w- c:\windows\sysedit.exe 2010-10-20 22:12:03 21636 ---h--w- c:\windows\avp32.exe 2010-10-20 22:12:02 21636 ---h--w- c:\windows\debug.exe 2010-10-20 19:31:05 -------- d-----w- c:\program files\ESET 2010-10-19 22:30:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-19 22:30:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-19 20:18:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro 2010-10-19 20:18:11 -------- d-----w- c:\program files\Trend Micro 2010-10-19 18:41:32 -------- d-s---w- C:\Combo-Fix6475C 2010-10-19 17:46:22 -------- d-s---w- C:\Combo-Fix 2010-10-11 21:54:41 -------- d-----w- c:\docume~1\tom\locals~1\applic~1\{60936386-F8F0-497F-9CB8-B5B399B0E4E7} 2010-09-29 19:13:11 -------- d-----w- c:\docume~1\tom\applic~1\Delicious IE Extension 2010-09-29 19:12:45 -------- d-----w- c:\program files\Delicious Add-on for Internet Explorer 2010-09-28 19:29:27 -------- d-sh--w- c:\docume~1\tom\applic~1\SystemProc ==================== Find3M ==================== 2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts ============= FINISH: 15:54:27.53 ===============
  9. Here is the new DDS log.. DDS (Ver_10-10-10.03) - NTFSx86 Run by Tom at 14:59:16.25 on Thu 10/21/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.439 [GMT -7:00] AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\alg.exe "\\.\globalroot\Device\svchost.exe\svchost.exe" C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\sysedit.exe C:\WINDOWS\debug.exe C:\WINDOWS\avp32.exe C:\WINDOWS\install.exe C:\WINDOWS\mdm.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\sysedit.exe C:\WINDOWS\debug.exe C:\WINDOWS\avp32.exe C:\WINDOWS\install.exe C:\WINDOWS\mdm.exe C:\Program Files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\explorer.exe C:\DOCUME~1\Tom\LOCALS~1\Temp\iexplorer.exe C:\Documents and Settings\Tom\Desktop\dds.scr 
C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uInternet Settings,ProxyOverride = <local> BHO: c:\windows\system32\pwvrpzgte.dll: {d6ba40a1-a502-59bd-f413-04b03a2c8953} - c:\windows\system32\pwvrpzgte.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Google Update] "c:\documents and settings\tom\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [HNUjHTgph] c:\docume~1\tom\locals~1\temp\setup.exe uRun: [HNUjHTgruf] c:\docume~1\tom\locals~1\temp\wininst.exe uRun: [HNUjHTgre] c:\docume~1\tom\locals~1\temp\smss.exe uRun: [HNUjHTgoe] c:\docume~1\tom\locals~1\temp\avp.exe uRun: [HNUjHTgrvg] c:\docume~1\tom\locals~1\temp\spoolsv.exe uRun: [HNUjHTgrsc] c:\docume~1\tom\locals~1\temp\winlogon.exe uRun: [HNUjHTgrA] c:\docume~1\tom\locals~1\temp\win16.exe uRun: [HNUjHTgta] c:\docume~1\tom\locals~1\temp\user.exe uRun: [HNUjHTgne] c:\docume~1\tom\locals~1\temp\mdm.exe uRun: [HNUjHTglb] c:\docume~1\tom\locals~1\temp\debug.exe uRun: [HNUjHTgmve] c:\docume~1\tom\locals~1\temp\hexdump.exe uRun: [HNUjHTgrrc] c:\docume~1\tom\locals~1\temp\winamp.exe uRun: [HNUjHTgpb] c:\docume~1\tom\locals~1\temp\login.exe uRun: [HNUjHTgoh] c:\docume~1\tom\locals~1\temp\csrss.exe uRun: [HNUjHTgob] c:\docume~1\tom\locals~1\temp\drweb.exe uRun: [HNUjHTgsfP] c:\docume~1\tom\locals~1\temp\nvsvc32.exe uRun: [HNUjHTgotd] c:\docume~1\tom\locals~1\temp\install.exe uRun: [HNUjHTgN2zc\Tom\LOCALS~1\Temp\2799445640.exe] c:\docume~1\tom\locals~1\temp\2799445640.exe uRun: [HNUjHTgosf] c:\docume~1\tom\locals~1\temp\taskmgr.exe uRun: [HNUjHTgnb] 
c:\docume~1\tom\locals~1\temp\cmd.exe uRun: [HNUjHTgupf] c:\docume~1\tom\locals~1\temp\sysedit.exe uRun: [HNUjHTgl/] c:\docume~1\tom\locals~1\temp\gdi32.exe uRun: [HNUjHTgmtd] c:\docume~1\tom\locals~1\temp\iexplarer.exe uRun: [HNUjHTgqd] c:\docume~1\tom\locals~1\temp\lsass.exe uRun: [HNUjHTgO2x1\Tom\LOCALS~1\Temp\593788024.exe] c:\docume~1\tom\locals~1\temp\593788024.exe uRun: [MKetc] c:\windows\sysedit.exe uRun: [MKaoc] c:\windows\debug.exe uRun: [MKese] c:\windows\svchost.exe uRun: [MKZSc] c:\windows\avp32.exe uRun: [MKayc] c:\windows\csrss.exe uRun: [MKbta] c:\windows\install.exe uRun: [MKcZ] c:\windows\mdm.exe uRun: [HNUjHTgoh.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] c:\docume~1\tom\locals~1\temp\csrss.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe" mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1 mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [HNUjHTgph] c:\docume~1\tom\locals~1\temp\setup.exe mRun: [HNUjHTgruf] c:\docume~1\tom\locals~1\temp\wininst.exe mRun: [HNUjHTgre] c:\docume~1\tom\locals~1\temp\smss.exe mRun: [HNUjHTgoe] c:\docume~1\tom\locals~1\temp\avp.exe mRun: [HNUjHTgrvg] c:\docume~1\tom\locals~1\temp\spoolsv.exe mRun: [HNUjHTgrsc] c:\docume~1\tom\locals~1\temp\winlogon.exe mRun: [HNUjHTgrA] c:\docume~1\tom\locals~1\temp\win16.exe mRun: [HNUjHTgta] c:\docume~1\tom\locals~1\temp\user.exe mRun: [HNUjHTgne] c:\docume~1\tom\locals~1\temp\mdm.exe mRun: [HNUjHTglb] 
c:\docume~1\tom\locals~1\temp\debug.exe mRun: [HNUjHTgmve] c:\docume~1\tom\locals~1\temp\hexdump.exe mRun: [HNUjHTgrrc] c:\docume~1\tom\locals~1\temp\winamp.exe mRun: [HNUjHTgpb] c:\docume~1\tom\locals~1\temp\login.exe mRun: [HNUjHTgoh] c:\docume~1\tom\locals~1\temp\csrss.exe mRun: [HNUjHTgob] c:\docume~1\tom\locals~1\temp\drweb.exe mRun: [HNUjHTgsfP] c:\docume~1\tom\locals~1\temp\nvsvc32.exe mRun: [HNUjHTgotd] c:\docume~1\tom\locals~1\temp\install.exe mRun: [HNUjHTgN2zc\Tom\LOCALS~1\Temp\2799445640.exe] c:\docume~1\tom\locals~1\temp\2799445640.exe mRun: [HNUjHTgosf] c:\docume~1\tom\locals~1\temp\taskmgr.exe mRun: [HNUjHTgnb] c:\docume~1\tom\locals~1\temp\cmd.exe mRun: [HNUjHTgupf] c:\docume~1\tom\locals~1\temp\sysedit.exe mRun: [HNUjHTgl/] c:\docume~1\tom\locals~1\temp\gdi32.exe mRun: [HNUjHTgmtd] c:\docume~1\tom\locals~1\temp\iexplarer.exe mRun: [HNUjHTgqd] c:\docume~1\tom\locals~1\temp\lsass.exe mRun: [HNUjHTgO2x1\Tom\LOCALS~1\Temp\593788024.exe] c:\docume~1\tom\locals~1\temp\593788024.exe mRun: [MKetc] c:\windows\sysedit.exe mRun: [MKaoc] c:\windows\debug.exe mRun: [MKese] c:\windows\svchost.exe mRun: [MKZSc] c:\windows\avp32.exe mRun: [MKayc] c:\windows\csrss.exe mRun: [MKbta] c:\windows\install.exe mRun: [MKcZ] c:\windows\mdm.exe mRun: [HNUjHTgoh.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] c:\docume~1\tom\locals~1\temp\csrss.exe dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\tom\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wm-des~1.lnk - c:\program files\whiskeymilitia\desktop alert\WM-Desktop-Alert.exe uPolicies-explorer: NoFolderOptions = 1 (0x1) uPolicies-system: DisableRegistryTools = 1 (0x1) dPolicies-explorer: ForceClassicControlPanel = 1 (0x1) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append to existing PDF - c:\program 
files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: winsock.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - 
hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211587291171 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259707250250 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll STS: c:\windows\system32\pwvrpzgte.dll: {d6ba40a1-a502-59bd-f413-04b03a2c8953} - c:\windows\system32\pwvrpzgte.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll LSA: Authentication Packages = msv1_0 relog_ap mASetup: {8CD620CB-E463-446F-A79C-F2DA6C90C382} - rundll32.exe "c:\documents and settings\tom\application data\bitrix security\xaukvmm60.dll", DllUnrer ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\vj895qtp.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox FF - prefs.js: keyword.URL - 
hxxp://search.start-search.net/?sid=10101065100&s= FF - plugin: c:\documents and settings\tom\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll FF - HiddenExtension: XULRunner: {60936386-F8F0-497F-9CB8-B5B399B0E4E7} - c:\documents and settings\tom\local settings\application data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7} FF - HiddenExtension: Firefox security: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: browser.search.selectedEngine - Google FF - user.js: browser.search.order.1 - Google FF - user.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); ============= SERVICES / DRIVERS =============== R1 cvmacii;cvmacii;c:\windows\system32\drivers\cvmacii.sys [2007-11-30 303904] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-10-9 38144] R3 RTL8187B;Airlink101 802.11g USB 2.0 Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-10-14 238208] S0 kcdwnloe;kcdwnloe; [x] S1 aAAAAAa;aAAAAAa;c:\windows\system32\drivers\aaaaaaa.sys --> c:\windows\system32\drivers\aAAAAAa.sys [?] 
S3 5DE6C4AB;5DE6C4AB; [x] S3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE [2005-11-22 24576] S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-11-16 550272] =============== Created Last 30 ================ 2010-10-21 20:42:56 -------- d-s---w- C:\ComboFix 2010-10-20 22:19:47 21636 ---h--w- c:\windows\mdm.exe 2010-10-20 22:19:46 21636 ---h--w- c:\windows\install.exe 2010-10-20 22:12:04 21636 ---h--w- c:\windows\svchost.exe 2010-10-20 22:12:04 21636 ---h--w- c:\windows\csrss.exe 2010-10-20 22:12:03 21636 ---h--w- c:\windows\sysedit.exe 2010-10-20 22:12:03 21636 ---h--w- c:\windows\avp32.exe 2010-10-20 22:12:02 21636 ---h--w- c:\windows\debug.exe 2010-10-20 19:31:05 -------- d-----w- c:\program files\ESET 2010-10-19 22:30:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-19 22:30:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-19 20:18:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro 2010-10-19 20:18:11 -------- d-----w- c:\program files\Trend Micro 2010-10-19 18:41:32 -------- d-s---w- C:\Combo-Fix6475C 2010-10-19 17:46:22 -------- d-s---w- C:\Combo-Fix 2010-10-15 21:18:36 190 ----a-w- c:\docume~1\tom\applic~1\jsfhjjsd.bat 2010-10-15 21:18:06 -------- d-----w- c:\docume~1\tom\applic~1\Bitrix Security 2010-10-11 21:55:19 0 ----a-w- c:\windows\Nbimupe.bin 2010-10-11 21:54:41 -------- d-----w- c:\docume~1\tom\locals~1\applic~1\{60936386-F8F0-497F-9CB8-B5B399B0E4E7} 2010-09-29 19:13:11 -------- d-----w- c:\docume~1\tom\applic~1\Delicious IE Extension 2010-09-29 19:12:45 -------- d-----w- c:\program files\Delicious Add-on for Internet Explorer 2010-09-28 19:29:27 -------- d-sh--w- c:\docume~1\tom\applic~1\SystemProc ==================== Find3M ==================== 2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts ============= FINISH: 
14:59:56.17 =============== and Attach UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-10-10.03) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 5/23/2008 4:24:51 PM System Uptime: 10/21/2010 1:58:44 PM (1 hours ago) Motherboard: ASUSTek Computer INC. | | IVY Processor: AMD Athlon 64 Processor 3800+ | Socket AM2 | 2410/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 59 GiB total, 39.517 GiB free. D: is FIXED (NTFS) - 90 GiB total, 44.571 GiB free. E: is Removable F: is Removable G: is Removable H: is Removable I: is CDROM (CDFS) Z: is NetworkDisk (NTFS) - 40 GiB total, 8.282 GiB free. ==== Disabled Device Manager Items ============= Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318} Description: Microsoft System Management BIOS Driver Device ID: ROOT\SYSTEM\0002 Manufacturer: (Standard system devices) Name: Microsoft System Management BIOS Driver PNP Device ID: ROOT\SYSTEM\0002 Service: mssmbios ==== System Restore Points =================== No restore point in system. ==== Installed Programs ====================== Acronis
  10. I'm sure I'm killing you here, but I don't have an XP disk. This computer is a hand-me-down for work, and they don't have any software for it.
  11. Sorry LDTate, I can't do that either hahah.. I always get an error when I do a search, even before all of this. The title is "Microsoft Visual C++ Runtime Library" and the message "Program: C:\WINDOWS\explorer.exe This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information." What's next? You're a genius if you get me through all of this hahaha, thanks again.
  12. SystemLook still won't work, here is the log from exehelper.. exeHelper by Raktor Build 20100414 Run at 14:16:58 on 10/21/10 Now searching... Checking for numerical processes... Checking for sysguard processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished--
  13. When I attempt to run SystemLook, it gives me the error "This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem". I tried both mirrors, but the same result.