please help remove malware


I keep getting malware that is acting like Windows Security.

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27

Run by Mark at 16:02:19 on 2011-12-08

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3196 [GMT -8:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\System32\ping.exe

C:\Documents and Settings\Mark\Local Settings\Application Data\jwu.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/?ilc=5

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

uRun: [DAEMON Tools Lite] "c:\util\daemon tools lite\DTLite.exe" -autorun

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\mark\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [V0230Mon.exe] c:\windows\system32\V0230Mon.exe

mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart

mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\mark\startm~1\programs\startup\checkf~1.lnk - c:\program files\jts\WiseUpdt.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\novaba~1.lnk - c:\program files\novastor\novastor novabackup\nsCtrl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\TM Server.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\util\winzip\WZQKPICK.EXE

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

Trusted Zone: cleverreach.com\novastor

Trusted Zone: google-analytics.com

Trusted Zone: intuit.com\ttlc

Trusted Zone: novastor.com

Trusted Zone: turbotax.com

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.115/WebSlingPlayer.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxp://mypc:2000/activex/RACtrl.cab

TCP: DhcpNameServer = 192.168.1.1 68.238.64.12

TCP: Interfaces\{7E1FF7CE-12D4-48A4-B40B-360FD23B51A6} : DhcpNameServer = 192.168.1.1 68.238.64.12

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\p5oo56mt.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\documents and settings\mark\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\mark\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

.

============= SERVICES / DRIVERS ===============

.

R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [2009-4-11 113904]

S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-6-27 96512]

S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [2010-9-21 192504]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]

S1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [2009-4-11 79616]

S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/24 13:54:55];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-11-17 87536]

S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/31 16:45:32];c:\program files\cyberlink\powerdvd9\000.fcl [2009-3-30 87536]

S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\powerdvd8\powerdvd8\000.fcl --> c:\program files\powerdvd8\powerdvd8\000.fcl [?]

S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392]

S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392]

S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-11-18 20328]

S2 gupdate1ca0bc6b51516ae;Google Update Service (gupdate1ca0bc6b51516ae);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104]

S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-5-24 286736]

S2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-2-18 462632]

S2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\novastor\novastor novabackup\nsService.exe [2010-12-7 365704]

S2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\remotelyanywhere\x86\rainfo.sys [2007-4-17 12992]

S2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [2010-4-4 46000]

S2 ShadowProtectSvc;ShadowProtect Service;c:\program files\storagecraft\shadowprotect\ShadowProtectSvc.exe [2009-4-11 1990656]

S2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]

S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]

S2 StorageCraft Image Manager;StorageCraft Image Manager;c:\program files\storagecraft\imagemanager\ImageManager.exe [2007-10-24 69632]

S2 StorageCraft Image Manager32;StorageCraft Image Manager ;c:\windows\system32\ntsdexts32.exe --> c:\windows\system32\ntsdexts32.exe [?]

S2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-3-30 2440120]

S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]

S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2009-5-29 66944]

S2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [2009-4-11 61952]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [2009-8-11 1684736]

S3 Backup Client Agent Service;Backup Client Agent Service;c:\program files\novastor\novastor novabackup\ManagementServer.Agent.Service.exe [2010-11-22 179200]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-7-7 13192]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-23 106104]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-7-7 8456]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104]

S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111207.021\NAVENG.SYS [2011-12-7 86136]

S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111207.021\NAVEX15.SYS [2011-12-7 1576312]

S3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [2007-4-17 10168]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2010-6-24 6272]

S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2010-6-24 498464]

S4 RARfsClientNP;RARfsClientNP; [x]

.

=============== File Associations ===============

.

.exe=ah

.

=============== Created Last 30 ================

.

2011-12-08 14:12:29 79872 ----a-w- c:\windows\system32\kG5MuXD4.com_

2011-12-08 04:04:48 -------- d-----w- c:\program files\ESET

2011-12-08 01:28:48 325632 ----a-w- c:\documents and settings\mark\local settings\application data\jwu.exe

2011-11-25 19:47:51 -------- d-----w- c:\program files\iPod

2011-11-25 19:47:48 -------- d-----w- c:\program files\iTunes

2011-11-25 19:43:10 -------- d-----w- c:\program files\Bonjour

2011-11-25 17:51:28 -------- d-----w- c:\documents and settings\all users\application data\RosettaStoneLtdBackup

2011-11-10 01:01:51 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2011-11-10 01:01:51 8192 ----a-w- c:\windows\system32\wshirda.dll

2011-11-10 01:01:51 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2011-11-10 01:01:51 28160 ----a-w- c:\windows\system32\irmon.dll

2011-11-10 01:01:47 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe

2011-11-10 01:01:47 151552 ----a-w- c:\windows\system32\irftp.exe

.

==================== Find3M ====================

.

2011-11-24 18:45:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-11 15:03:41 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-10-11 15:03:41 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-10-11 14:53:11 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin

.

============= FINISH: 16:03:12.53 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 4/11/2009 5:28:54 PM

System Uptime: 12/8/2011 3:36:41 PM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | P35C-DS3R

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 1863 GiB total, 1202.986 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 466 GiB total, 98.739 GiB free.

G: is FIXED (NTFS) - 298 GiB total, 67.431 GiB free.

H: is CDROM ()

I: is FIXED (NTFS) - 699 GiB total, 131.774 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Officejet Pro L7500

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet Pro L7500

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP55: 10/26/2011 11:14:49 PM - System Checkpoint

RP56: 10/27/2011 11:15:55 PM - System Checkpoint

RP57: 10/29/2011 12:24:15 AM - System Checkpoint

RP58: 10/30/2011 1:14:49 AM - System Checkpoint

RP59: 10/31/2011 2:14:48 AM - System Checkpoint

RP60: 11/1/2011 2:34:18 AM - System Checkpoint

RP61: 11/2/2011 2:47:25 AM - System Checkpoint

RP62: 11/2/2011 3:12:34 PM - Software Distribution Service 3.0

RP63: 11/3/2011 3:36:30 PM - System Checkpoint

RP64: 11/4/2011 4:36:30 PM - System Checkpoint

RP65: 11/5/2011 6:17:02 PM - System Checkpoint

RP66: 11/6/2011 5:36:30 PM - System Checkpoint

RP67: 11/7/2011 6:09:08 PM - System Checkpoint

RP68: 11/8/2011 8:29:35 PM - System Checkpoint

RP69: 11/9/2011 9:04:04 PM - System Checkpoint

RP70: 11/10/2011 10:04:03 PM - System Checkpoint

RP71: 11/11/2011 11:04:03 PM - System Checkpoint

RP72: 11/13/2011 12:04:02 AM - System Checkpoint

RP73: 11/14/2011 1:04:03 AM - System Checkpoint

RP74: 11/15/2011 5:35:11 PM - System Checkpoint

RP75: 11/16/2011 6:04:08 PM - System Checkpoint

RP76: 11/17/2011 7:04:07 PM - System Checkpoint

RP77: 11/18/2011 7:08:31 PM - System Checkpoint

RP78: 11/19/2011 8:42:01 PM - System Checkpoint

RP79: 11/20/2011 9:04:07 PM - System Checkpoint

RP80: 11/21/2011 9:05:11 PM - System Checkpoint

RP81: 11/22/2011 10:04:07 PM - System Checkpoint

RP82: 11/23/2011 10:04:21 PM - System Checkpoint

RP83: 11/24/2011 10:48:18 PM - System Checkpoint

RP84: 11/25/2011 9:51:34 AM - Installed Rosetta Stone Version 3

RP85: 11/25/2011 9:58:42 AM - Removed Rosetta Stone Version 3

RP86: 11/25/2011 10:01:58 AM - Installed Rosetta Stone Version 3

RP87: 11/25/2011 11:44:58 AM - Installed iTunes

RP88: 11/26/2011 11:47:15 AM - System Checkpoint

RP89: 11/27/2011 11:50:30 AM - System Checkpoint

RP90: 11/28/2011 4:22:47 PM - System Checkpoint

RP91: 11/29/2011 8:59:28 PM - System Checkpoint

RP92: 11/30/2011 9:34:28 PM - System Checkpoint

RP93: 12/1/2011 10:31:19 PM - System Checkpoint

RP94: 12/2/2011 11:25:21 PM - System Checkpoint

RP95: 12/4/2011 12:21:56 AM - System Checkpoint

RP96: 12/5/2011 1:17:37 AM - System Checkpoint

RP97: 12/6/2011 2:13:17 AM - System Checkpoint

RP98: 12/7/2011 3:08:46 AM - System Checkpoint

RP99: 12/8/2011 3:56:45 AM - System Checkpoint

.

==== Installed Programs ======================

.

.

"Nero SoundTrax Help

32 Bit HP CIO Components Installer

3D Home Architect Design Suite Deluxe 8

7500_7600_7700_Help1

ACDSee 10 Photo Manager

ACDSee Pro 3

Activation (Blu-ray Disc Authoring Plug-in)

Activation (Blu-ray Video Plug-in)

Activation (Gracenote Plug-in)

Activation (Nero 9 HD)

Activation (Nero BackItUp 4)

Activation (Nero MediaHome 4)

Activation (Nero Move it)

Ad Notifier - For Craigslist.org

Adobe Acrobat 9 Pro Extended - English, Français, Deutsch

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Photoshop 7.0

Adobe SVG Viewer 3.0

Advanced Video FX Engine

Advertising Center

AnswerWorks 4.0 Runtime - English

AnswerWorks 5.0 English Runtime

Ant Movie Catalog

AnyDVD Registration

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft TotalMedia Theatre

ArcSoft TotalMedia Theatre 5

Audacity 1.2.6

AviSynth 2.5

Bing Bar

Bing Bar Platform

Blu-ray Disc Authoring Plug-in

Blu-ray Video Plug-in

Blu-ray/HD DVD Video Plug-in

Bonjour

bpd_scan_Carrier

BPDSoftware

BPDSoftware_Ini

BufferChm

Calorie GPS

Canon iP4200

Canon Utilities Easy-PhotoPrint

CCleaner

CD-LabelPrint

Cinema Craft Encoder SP

Cisco Connect

Classifieds Searcher Free - version 7.30

Collectorz.com Game Collector

Collectorz.com Movie Collector

Compatibility Pack for the 2007 Office system

CPUID CPU-Z 1.56

Creative Audio Console

Creative Live! Cam Center

Creative Live! Cam Manager

Creative Live! Cam Video IM Pro Driver (1.00.07.0725)

Creative Live! Cam Video IM Pro User's Guide (English)

Creative Photo Calendar

Creative Photo Manager

Creative Software AutoUpdate

Creative System Information

CyberLink BD_3D Advisor 2.0

CyberLink PowerDVD 10

CyberLink PowerDVD 9

DAEMON Tools Toolbar

Database Conversion Wizard

dBpoweramp [Audio Info] Codec

dBpoweramp [Calculate Audio CRC] Codec

dBpoweramp [iD Tag Update] Codec

dBpoweramp [Multi Encoder] Codec

dBpoweramp [Tag From Filename] Codec

dBpoweramp Batch Ripper

dBpoweramp Dalet Codec

dBpoweramp DSP Effects

dBpoweramp FLAC Codec

dBpoweramp Monkeys Audio Codec

dBpoweramp Mp2 and BwfMp2 codec

dBpoweramp mp3 (Fraunhofer IIS) Codec

dBpoweramp Music Converter

dBpoweramp Ogg Vorbis Codec

dBpoweramp Real Audio (Helix) Encoder

dBPoweramp tooLame MP2 codec

dBpoweramp Wave64 Codec

dBpoweramp WavPack Codec

Destinations

DeviceDiscovery

DocProc

DolbyFiles

DriverAgent by eSupport.com

DTS Plug-in

DVD Decrypter (Remove Only)

DVD Rebuilder

DVDFab 8.1.2.0 (15/09/2011) Qt

DVDInfoPro 6.5.1.0

EASEUS Partition Master 8.0.1 Home Edition

ESET Online Scanner v3

eXtreme Movie Manager 7.0.3.1 - Full Install!

Fax

ffdshow v1.1.3326 [2010-03-19]

FLAC 1.2.1b (remove only)

foobar2000 v1.0.3

Get Yahoo! Messenger

Gigabyte Raid Configurer

Google Chrome

Google Earth

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 4.5.0.457

GPBaseService2

Gracenote Plug-in

Greetings Workshop

Haali Media Splitter

Hallmark Card Studio 2008 Deluxe

Hallmark Card Studio 2009

High-Definition Video Playback 10

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 14.0

HP Imaging Device Functions 14.0

HP OfficeJet L7300/L7500/7600/7700

HP Photosmart Essential 3.5

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HP_Network_UserGuide

HPDiagnosticAlert

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

IHA_MessageCenter

ImagXpress

ImgBurn

iPhoneBrowser

iTunes

Java Auto Updater

Java 6 Update 27

KODAK Gallery Upload Software

L7500

LAME v3.98.2 for Audacity

LG ODD Auto Firmware Update

LightScribe System Software

LiveUpdate 3.3 (Symantec Corporation)

Logitech Harmony Remote Software 7

MadOnion.com/PCMark2002

Magic ISO Maker v5.4 (build 0251)

Malwarebytes' Anti-Malware version 1.51.1.1800

MarketResearch

Menu Templates - Starter Kit

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Default Manager

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office XP Professional with FrontPage

Microsoft Primary Interoperability Assemblies 2005

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Movie Templates - Starter Kit

Mozilla Firefox 8.0 (x86 en-US)

mp3PRO Plug-in

Mp3tag v2.49

MPM

MSN

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Myibay Auction bid sniper for eBay 1.0.43

Nero 10 Menu TemplatePack 1

Nero 10 Menu TemplatePack 2

Nero 10 Menu TemplatePack 3

Nero 10 Menu TemplatePack Basic

Nero 10 Movie ThemePack 1

Nero 10 Movie ThemePack 2

Nero 10 Movie ThemePack Basic

Nero 10 Sample ImagePack

Nero 10 Sample Videos

Nero 9

Nero 9 HD

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero BackItUp 4

Nero Burning ROM 10

Nero BurningROM

Nero BurningROM 10 Help (CHM)

Nero BurnRights

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter

Nero Core Components 10

Nero CoverDesigner

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Dolby Files 10

Nero DriveSpeed

Nero Express

Nero Express 10

Nero Express 10 Help (CHM)

Nero InCD-Reader

Nero InfoTool

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero Installer

Nero MediaHome 4

Nero MediaHome 4 Help

Nero MediaHome 4 Trial

Nero MediaHub 10

Nero MediaHub 10 Help (CHM)

Nero Move it

Nero Multimedia Suite 10

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode 10

Nero Recode 10 Help (CHM)

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero RescueAgent Help

Nero ShowTime

Nero SoundTrax 10

Nero SoundTrax 10 Help (CHM)

Nero StartSmart

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero StartSmart Help

Nero Update

Nero Vision

Nero Vision 10

Nero Vision 10 Help (CHM)

Nero WaveEditor

Nero WaveEditor 10

Nero WaveEditor 10 Help (CHM)

Nero WaveEditor Help

NeroBurningROM

NeroExpress

neroxml

Network

NovaBACKUP

NVIDIA Control Panel 266.58

NVIDIA Graphics Driver 266.58

NVIDIA Install Application

NVIDIA nView 135.85

NVIDIA nView Desktop Manager

OCR Software by I.R.I.S. 14.0

Octoshape add-in for Adobe Flash Player

Opti Drive Control 1.51

PFPortChecker 1.0.32

PowerISO

ProductContext

Quicken 2010

QuickTime

RackTools 3.5

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

Remote Control USB Driver

Rosetta Stone Version 3

Salling Clicker

Scan

SecurDisc Viewer

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2124261)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2290570)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB970483)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976323)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

ShadowProtect Desktop

ShadowProtect ImageManager

Shop for HP Supplies

SightSpeed

Skype Toolbars

Skype™ 4.2

SlingHealth ActiveX

SlingPlayer

SmartWebPrinting

SolutionCenter

SoundTrax

Sprite Backup

Status

SUPERAntiSpyware Free Edition

Symantec Endpoint Protection

System Requirements Lab

Toolbox

Trader Workstation

Trader Workstation 4.0

TrayApp

TurboTax 2008

TurboTax 2008 wcaiper

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wrapper

TurboTax 2009

TurboTax 2009 wcaiper

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 wcaiper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TurboTax Home & Business 2007

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Verizon Download Manager

Vz In Home Agent

Warcraft III: All Products

WebFldrs XP

WebReg

WebSlingPlayer ActiveX

WIDCOMM Bluetooth Software

Winamp

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live ID Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

WinSCP 4.2.7

WinZip

XML Paper Specification Shared Components Pack 1.0

Yahoo! BrowserPlus 2.9.8

Yahoo! Detect

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== End Of File ===========================


Hello and welcome.

Unfortunately you have a nasty rootkit on your computer. Please read the following information before continuing.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[Image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hi, that seems to have done the trick. How are things running at this point?

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u1.
  • Look for "JDK 7u1 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch MBAM, update it and run a full scan. Post me the resulting log.


When I open IE it opens another browser to some random advertising site. Additionally, looking at "network connections" in XP it is stuck acquiring a network address, yet I have no problem accessing the internet.

Here is my mbam log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8354

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/11/2011 6:11:32 PM

mbam-log-2011-12-11 (18-11-32).txt

Scan type: Full scan (C:\|)

Objects scanned: 500272

Time elapsed: 2 hour(s), 12 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Let's verify if your MBR is infected.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer

  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and once finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:
    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the Master Boot Record of your drive and see if it is infected.

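To show what a reviewer does with the 512-byte mbr.bin that the dd command above produces, here is an added example, not part of this post or of any tool mentioned in the thread, that parses the partition table and boot signature and flags structural oddities such as a missing 0x55AA signature, an invalid status byte, a partition starting at sector 0, or overlapping partitions. The two sample MBRs are constructed inside the code; load_mbr is a hypothetical helper for reading a real dump, and the boot-code hash is there only so a dump can be compared with a known-good copy of the same disk.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

MBR_SIZE = 512
TABLE_OFFSET = 446          # the four 16-byte partition entries start here
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # expected at offsets 510-511


@dataclass
class PartitionEntry:
    index: int
    status: int        # 0x80 = active/bootable, 0x00 = inactive
    part_type: int     # e.g. 0x07 = NTFS/exFAT, 0x83 = Linux
    lba_start: int     # first sector, little-endian 32-bit
    sector_count: int  # length in sectors

    @property
    def empty(self) -> bool:
        return self.part_type == 0 and self.sector_count == 0


def load_mbr(path: str) -> bytes:
    """Hypothetical helper: read the first 512 bytes of a dump such as mbr.bin."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


def parse_mbr(mbr: bytes) -> Dict:
    """Split a raw 512-byte MBR into boot code hash, partition table and signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    entries: List[PartitionEntry] = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from("<B3sB3sII", mbr, off)
        entries.append(PartitionEntry(i, status, ptype, lba, count))
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(mbr[:TABLE_OFFSET]).hexdigest(),
        "partitions": entries,
    }


def check_mbr(mbr: bytes) -> List[str]:
    """Return structural findings; an empty list means nothing odd was seen."""
    info = parse_mbr(mbr)
    findings: List[str] = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature at offset 510")
    active: List[int] = []
    used = []
    for p in info["partitions"]:
        if p.empty:
            continue
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status byte 0x{p.status:02x}")
        if p.status == 0x80:
            active.append(p.index)
        if p.lba_start == 0:
            findings.append(f"partition {p.index}: starts at sector 0 (overlaps the MBR itself)")
        used.append((p.lba_start, p.lba_start + p.sector_count, p.index))
    if len(active) > 1:
        findings.append(f"more than one active partition: {active}")
    used.sort()
    for (s1, e1, i1), (s2, e2, i2) in zip(used, used[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    return findings


def build_entry(status: int, ptype: int, lba: int, count: int) -> bytes:
    """Pack one 16-byte partition entry with zeroed CHS fields (constructed test data)."""
    return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba, count)


def build_sample_mbr(entries: List[bytes], signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Assemble a constructed MBR: placeholder boot code + table + signature."""
    boot_code = b"\xeb\xfe" + b"\x90" * (TABLE_OFFSET - 2)   # constructed filler, not real boot code
    table = b"".join(entries) + b"\0" * (ENTRY_SIZE * (4 - len(entries)))
    return boot_code + table + signature


# Constructed samples: a plausible single-disk layout and a deliberately malformed one.
CLEAN_MBR = build_sample_mbr([
    build_entry(0x80, 0x07, 2048, 1_000_000),
    build_entry(0x00, 0x07, 1_002_048, 500_000),
])
SUSPECT_MBR = build_sample_mbr([
    build_entry(0x12, 0x07, 2048, 1_000_000),      # bad status byte
    build_entry(0x80, 0x07, 500_000, 500_000),     # overlaps entry 0
], signature=b"\0\0")                              # signature missing

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_MBR), ("suspect", SUSPECT_MBR)):
        print(name, check_mbr(blob) or "no structural findings")
```

A clean result from this check only says the table is well-formed; bootkits that keep a valid table and replace just the boot code are caught by comparing boot_code_sha256 against a dump taken from a known-good disk of the same make, which is what the helper's manual review does.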

That is clean. Let's have a closer look at your internet settings.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the otlicon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the runscan.png button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


OTL did not produce an Extra.txt file. I did a search using Windows Explorer and nothing was found. Here is the OTL.txt file.

OTL logfile created on: 12/12/2011 1:12:36 PM - Run 4

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mark\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 67.28% Memory free

5.30 Gb Paging File | 4.19 Gb Available in Paging File | 79.18% Paging File free

Paging file location(s): C:\pagefile.sys 2000 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 1863.01 Gb Total Space | 1204.95 Gb Free Space | 64.68% Space Free | Partition Type: NTFS

Drive D: | 21.70 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF2.5

Drive F: | 465.75 Gb Total Space | 98.74 Gb Free Space | 21.20% Space Free | Partition Type: NTFS

Drive G: | 298.09 Gb Total Space | 67.43 Gb Free Space | 22.62% Space Free | Partition Type: NTFS

Drive I: | 698.64 Gb Total Space | 130.30 Gb Free Space | 18.65% Space Free | Partition Type: NTFS

Computer Name: MYPC | User Name: Mark | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/12 13:11:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe

PRC - [2011/12/11 15:56:18 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2011/10/28 18:20:16 | 000,286,736 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

PRC - [2011/06/24 09:41:56 | 015,900,672 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe

PRC - [2011/02/01 04:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe

PRC - [2011/02/01 04:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe

PRC - [2010/12/20 15:46:58 | 000,519,744 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe

PRC - [2010/12/07 13:41:58 | 000,365,704 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe

PRC - [2010/12/07 13:35:12 | 000,219,784 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe

PRC - [2010/11/17 20:29:22 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\Cyberlink\Shared files\brs.exe

PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2010/02/22 16:17:50 | 001,226,024 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

PRC - [2010/02/18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe

PRC - [2010/02/02 23:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Cyberlink\PowerDVD10\PDVD10Serv.exe

PRC - [2009/10/30 03:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\util\DAEMON Tools Lite\DTLite.exe

PRC - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

PRC - [2009/07/29 14:29:48 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2009/03/30 13:07:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2009/03/30 13:07:32 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

PRC - [2009/03/30 13:07:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

PRC - [2009/03/30 13:07:32 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2008/09/10 16:30:52 | 000,427,304 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe

PRC - [2008/05/30 06:48:12 | 001,990,656 | ---- | M] (StorageCraft Technology Corporation) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe

PRC - [2008/04/17 13:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2008/04/13 16:12:31 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe

PRC - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/08/21 17:38:26 | 000,061,952 | ---- | M] (StorageCraft Technology Corporation) -- C:\WINDOWS\system32\vsnapvss.exe

PRC - [2007/05/25 17:21:40 | 000,112,216 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\RemotelyAnywhere\x86\ramaint.exe

PRC - [2007/04/05 12:18:34 | 000,063,064 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe

PRC - [2006/07/19 09:00:00 | 000,036,961 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\V0230Mon.exe

PRC - [2006/06/09 00:11:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/11 09:01:13 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

MOD - [2011/12/11 09:01:12 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

MOD - [2011/12/11 09:01:11 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2011/12/11 09:01:02 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

MOD - [2011/12/11 09:01:00 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2011/12/11 09:00:58 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2011/12/11 09:00:54 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MOD - [2011/12/11 09:00:51 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2011/12/11 09:00:49 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/09/23 14:10:48 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll

MOD - [2011/09/23 14:10:47 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

MOD - [2011/09/23 14:10:45 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll

MOD - [2011/09/23 14:10:45 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll

MOD - [2011/09/23 14:10:45 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll

MOD - [2011/09/23 14:10:44 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll

MOD - [2011/09/23 14:10:44 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll

MOD - [2011/09/23 14:10:44 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll

MOD - [2011/09/23 14:10:43 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll

MOD - [2011/09/23 14:10:43 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll

MOD - [2011/09/23 14:10:43 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll

MOD - [2011/05/04 23:02:44 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll

MOD - [2011/05/04 23:02:42 | 001,558,120 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll

MOD - [2010/12/07 13:44:24 | 002,440,328 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsAppRes409.dll

MOD - [2010/12/07 13:41:28 | 000,108,168 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsSQLBackupRestore.dll

MOD - [2010/12/07 13:35:28 | 000,014,336 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\WindowsEventLogWriter.dll

MOD - [2010/12/07 13:32:28 | 000,172,680 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsEngineRes409.dll

MOD - [2010/11/17 13:43:03 | 000,696,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\log4net\b148ea1e60af87aae04848909f5b19f2\log4net.ni.dll

MOD - [2010/11/17 13:38:56 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2010/11/17 13:38:56 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2010/10/06 19:30:58 | 000,005,120 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\throttle.dll

MOD - [2010/08/31 18:30:10 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll

MOD - [2010/08/31 18:30:10 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll

MOD - [2010/08/31 18:30:08 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

MOD - [2010/08/31 18:30:05 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll

MOD - [2010/08/31 18:30:05 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll

MOD - [2010/08/31 18:30:05 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll

MOD - [2010/08/31 18:30:04 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll

MOD - [2010/08/31 18:30:02 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll

MOD - [2010/08/31 18:30:02 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll

MOD - [2010/08/31 18:30:02 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll

MOD - [2010/08/16 09:06:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll

MOD - [2010/08/16 09:06:16 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll

MOD - [2010/08/16 09:05:26 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll

MOD - [2010/08/16 09:05:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll

MOD - [2010/08/16 08:07:27 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll

MOD - [2010/08/16 07:42:25 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll

MOD - [2010/08/16 07:42:17 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll

MOD - [2010/06/01 09:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll

MOD - [2010/02/20 09:42:49 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll

MOD - [2010/02/20 09:42:48 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

MOD - [2010/02/20 09:42:47 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll

MOD - [2010/02/20 09:42:47 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll

MOD - [2010/02/20 09:42:46 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll

MOD - [2010/02/20 09:42:46 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll

MOD - [2010/02/20 09:42:46 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll

MOD - [2010/02/20 09:42:45 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll

MOD - [2010/02/20 09:42:45 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll

MOD - [2010/02/20 09:36:17 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll

MOD - [2010/02/20 09:36:16 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll

MOD - [2010/02/20 09:36:15 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll

MOD - [2010/02/20 09:36:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll

MOD - [2010/02/20 09:36:14 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll

MOD - [2010/02/20 09:36:14 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll

MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\util\WinRAR\RarExt.dll

MOD - [2009/07/29 14:28:46 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll

MOD - [2009/07/29 14:26:46 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

MOD - [2009/06/17 10:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll

MOD - [2009/06/17 10:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll

MOD - [2009/06/17 10:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2009/03/27 17:05:14 | 000,190,976 | ---- | M] () -- C:\WINDOWS\system32\WgaLogon.dll

MOD - [2009/01/10 14:15:44 | 000,159,744 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll

MOD - [2009/01/10 14:14:06 | 000,023,552 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll

MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll

MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll

MOD - [2006/06/09 15:48:52 | 000,253,952 | ---- | M] () -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\EyeCatcherEx.dll

MOD - [2001/06/29 17:38:20 | 000,712,751 | ---- | M] () -- C:\Program Files\Adobe\Photoshop 7.0\Asn.er.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (StorageCraft Image Manager32)

SRV - [2011/12/11 15:56:18 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011/11/25 09:52:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/10/28 18:20:16 | 000,286,736 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)

SRV - [2011/02/01 04:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)

SRV - [2011/02/01 04:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)

SRV - [2010/12/07 13:41:58 | 000,365,704 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)

SRV - [2010/11/22 18:09:14 | 000,179,200 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe -- (Backup Client Agent Service)

SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2010/02/18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)

SRV - [2009/03/30 13:07:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2009/03/30 13:07:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2009/03/30 13:07:32 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2009/03/30 13:07:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2009/03/30 13:07:32 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)

SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2008/09/10 16:30:52 | 000,427,304 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)

SRV - [2008/05/30 06:48:12 | 001,990,656 | ---- | M] (StorageCraft Technology Corporation) [Auto | Running] -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe -- (ShadowProtectSvc)

SRV - [2008/04/17 13:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)

SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)

SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

SRV - [2007/10/24 14:26:22 | 000,069,632 | ---- | M] (StorageCraft Technology Corporation) [Auto | Stopped] -- C:\Program Files\StorageCraft\ImageManager\ImageManager.exe -- (StorageCraft Image Manager)

SRV - [2007/08/21 17:38:26 | 000,061,952 | ---- | M] (StorageCraft Technology Corporation) [Auto | Running] -- C:\WINDOWS\system32\vsnapvss.exe -- (VSNAPVSS)

SRV - [2007/08/11 19:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

SRV - [2007/05/25 17:21:40 | 000,112,216 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe -- (RAMaint)

SRV - [2007/04/05 12:18:34 | 000,063,064 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe -- (RemotelyAnywhere)

========== Driver Services (SafeList) ==========

DRV - [2011/11/09 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2011/11/09 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011/08/07 15:56:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2011/08/03 00:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVEX15.SYS -- (NAVEX15)

DRV - [2011/08/03 00:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVENG.SYS -- (NAVENG)

DRV - [2011/03/25 05:54:31 | 000,117,752 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2011/03/24 09:57:54 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)

DRV - [2011/03/24 09:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2010/11/17 20:29:20 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/03/24 13:54:55] [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})

DRV - [2010/09/21 08:10:32 | 000,192,504 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ArcSec.sys -- (ArcSec)

DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)

DRV - [2010/05/27 05:56:03 | 000,041,728 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)

DRV - [2010/03/09 15:57:10 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (btkrnl)

DRV - [2010/03/09 15:57:10 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2010/03/09 15:57:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2010/03/09 15:57:10 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)

DRV - [2010/03/09 15:57:10 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2010/03/09 15:57:10 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2010/03/09 15:57:10 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)

DRV - [2010/02/17 09:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2010/02/17 09:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 09:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2009/08/12 14:11:03 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2009/06/24 22:07:43 | 005,095,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/06/24 22:07:40 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (Monfilt)

DRV - [2009/06/24 22:07:39 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ambfilt.sys -- (Ambfilt)

DRV - [2009/04/12 10:54:54 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2009/03/30 16:53:56 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/05/31 16:45:32] [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})

DRV - [2009/03/30 13:07:34 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2009/03/30 13:07:34 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)

DRV - [2009/03/30 13:07:34 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2009/03/30 13:07:28 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2008/06/18 17:21:10 | 000,096,512 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\archlp.sys -- (archlp)

DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008/04/13 10:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)

DRV - [2008/04/13 10:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)

DRV - [2008/03/13 22:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2007/11/02 13:27:24 | 000,079,616 | ---- | M] (StorageCraft Technology Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\sbmount.sys -- (sbmount)

DRV - [2007/10/24 04:46:08 | 000,113,904 | ---- | M] (StorageCraft Technology Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\stcvsm.sys -- (stcvsm)

DRV - [2007/05/25 17:22:30 | 000,083,568 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\RARfsClientNP.dll -- (RARfsClientNP)

DRV - [2007/04/17 13:00:32 | 000,012,992 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\RemotelyAnywhere\x86\rainfo.sys -- (RAInfo)

DRV - [2007/04/17 13:00:30 | 000,010,168 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ramirr.sys -- (ramirr)

DRV - [2007/04/05 10:55:16 | 000,046,000 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\RARfsDriver.sys -- (RARfsDriver)

DRV - [2007/03/01 00:05:38 | 000,090,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2006/11/11 01:25:19 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)

DRV - [2006/08/11 13:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV - [2006/08/11 13:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV - [2006/08/11 13:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hap17v2k.sys -- (hap17v2k)

DRV - [2006/08/11 13:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)

DRV - [2006/08/11 13:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k)

DRV - [2006/08/11 13:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2006/08/11 13:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2006/08/11 13:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

DRV - [2006/08/11 13:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

DRV - [2006/07/24 09:00:00 | 000,498,464 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0230VID.sys -- (V0230VID)

DRV - [2006/03/23 09:00:00 | 000,006,272 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0230Vfx.sys -- (V0230Vfx)

DRV - [2006/02/07 03:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)

DRV - [2005/11/10 16:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)

DRV - [2005/07/28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)

DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41 [binary data]

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41 [binary data]

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41 [binary data]

IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=5

IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41 [binary data]

IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html

IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com

IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.8

FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2

FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Mark\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/02/08 17:04:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/02/08 17:04:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/08 20:36:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/22 09:49:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/03 17:16:37 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/08 20:36:42 | 000,000,000 | ---D | M]

[2009/11/26 12:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions

[2011/12/12 08:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions

[2010/07/15 06:23:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/06/01 07:42:10 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\DTToolbar@toolbarnet.com

[2010/09/21 10:24:44 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\searchtoolbar@zugo.com

[2011/12/12 08:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\staged

[2009/12/26 10:08:58 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\searchplugins\askcom.xml

[2011/08/07 15:56:33 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\searchplugins\daemon-search.xml

[2011/12/11 15:56:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/08/23 08:29:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

[2011/12/11 15:56:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\P5OO56MT.DEFAULT\EXTENSIONS\FIREFOX1@MYIBAY.COM.XPI

[2011/11/22 09:49:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/12/11 15:56:18 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/05/26 07:43:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/22 09:49:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

Hosts file not found

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe (Creative Technology Ltd.)

O4 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

O4 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003..\Run: [DAEMON Tools Lite] C:\util\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk = C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe (NovaStor)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Server.lnk = C:\Program Files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe (ArcSoft Inc.)

O4 - Startup: C:\Documents and Settings\Mark\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Program Files\Jts\WiseUpdt.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0

O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)

O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: google-analytics.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: novastor.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: novastor.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} http://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab (SlingHealth Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.115/WebSlingPlayer.cab (WebSlingPlayer)

O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} http://mypc:2000/activex/RACtrl.cab (Performance Viewer Activex Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E1FF7CE-12D4-48A4-B40B-360FD23B51A6}: DhcpNameServer = 192.168.1.1 68.238.64.12

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) -C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/12 10:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Local Settings\Application Data\Sun

[2011/12/12 06:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun

[2011/12/11 15:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/12/11 15:56:29 | 000,128,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2011/12/11 15:56:28 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2011/12/11 15:56:28 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2011/12/11 15:56:28 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2011/12/11 09:03:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/12/10 12:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011/12/10 09:57:32 | 004,334,705 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark\Desktop\ComboFix.exe

[2011/12/08 07:14:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark\Desktop\dds.scr

[2011/12/08 02:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/12/07 23:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2011/12/07 21:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer

[2011/12/07 20:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/11/25 11:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/11/25 11:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/11/25 11:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/11/25 11:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011/11/25 10:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rosetta Stone

[2011/11/25 09:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup

[2009/05/26 20:59:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mark\Application Data\pcouffin.sys

[2006/08/11 13:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[2006/08/11 13:43:00 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE

========== Files - Modified Within 30 Days ==========

[2011/12/28 10:41:03 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A7972C66-43AF-4964-A40E-32D2946479FE}.job

[2011/12/12 13:11:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe

[2011/12/12 13:02:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003UA.job

[2011/12/12 12:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/12 12:55:19 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/12 10:31:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/12 10:28:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile

[2011/12/12 10:28:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/12/12 10:04:40 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx

[2011/12/12 10:04:40 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx

[2011/12/12 10:04:40 | 000,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx

[2011/12/12 10:04:40 | 000,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx

[2011/12/12 10:04:40 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx

[2011/12/12 10:04:40 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

[2011/12/12 10:04:40 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

[2011/12/12 03:02:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003Core.job

[2011/12/11 15:56:17 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2011/12/11 15:56:17 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2011/12/11 15:56:17 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2011/12/11 15:56:17 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2011/12/11 15:56:17 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2011/12/11 09:02:01 | 000,481,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/12/11 09:02:01 | 000,084,566 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/12/10 20:46:30 | 000,313,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/12/10 13:28:10 | 000,014,870 | ---- | M] () -- C:\ComboFix.zip

[2011/12/10 09:57:37 | 004,334,705 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark\Desktop\ComboFix.exe

[2011/12/10 09:28:44 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/08 16:30:43 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/12/08 16:30:43 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/08 16:03:14 | 000,012,708 | -HS- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\f7n6beithc3553o8ae7ie4l1neo

[2011/12/08 16:03:14 | 000,012,708 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\f7n6beithc3553o8ae7ie4l1neo

[2011/12/08 13:09:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/12/08 07:14:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark\Desktop\dds.scr

[2011/12/08 06:55:19 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Qx8JA8PBv.dat

[2011/12/08 06:55:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\kG5MuXD4.com.b

[2011/11/25 11:48:55 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/11/25 11:17:16 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella

[2011/11/24 10:45:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/11/19 20:23:38 | 000,145,003 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Our Wii Games.gmc

[2011/11/18 17:57:43 | 000,001,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/12/10 13:28:10 | 000,014,870 | ---- | C] () -- C:\ComboFix.zip

[2011/12/08 16:30:43 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/12/08 06:55:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\kG5MuXD4.com.b

[2011/12/08 06:12:30 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Qx8JA8PBv.dat

[2011/12/07 17:28:50 | 000,012,708 | -HS- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\f7n6beithc3553o8ae7ie4l1neo

[2011/12/07 17:28:50 | 000,012,708 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\f7n6beithc3553o8ae7ie4l1neo

[2011/11/25 11:48:55 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/10/10 21:31:04 | 000,000,097 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1.12.0.lic

[2011/09/07 11:45:33 | 000,000,052 | ---- | C] () -- C:\WINDOWS\ib.ini

[2011/09/07 11:45:31 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll

[2011/08/09 17:12:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/08/09 17:12:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/08/09 17:12:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/08/09 17:12:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/08/09 17:12:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/07/13 08:23:25 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/07/13 08:23:22 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/07/13 08:23:22 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/07/13 08:23:10 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2011/07/07 08:11:38 | 002,340,992 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe

[2011/07/07 08:11:38 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll

[2011/07/07 08:11:37 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe

[2011/07/07 08:11:37 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys

[2011/07/07 08:11:37 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys

[2011/06/25 14:37:24 | 000,012,910 | -HS- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\22500634ug8u87c8e64k6l3sf3v

[2011/06/25 14:37:24 | 000,012,910 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\22500634ug8u87c8e64k6l3sf3v

[2011/06/19 13:42:35 | 000,003,651 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate

[2011/06/06 19:41:27 | 000,018,021 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat

[2011/06/06 19:01:21 | 000,002,985 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat

[2011/06/06 18:59:21 | 000,002,886 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [iD Tag Update] Codec.dat

[2011/06/06 13:04:37 | 000,002,852 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat

[2011/06/06 13:04:20 | 000,001,195 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Dalet Codec.dat

[2011/06/06 13:04:06 | 000,003,142 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat

[2011/06/06 13:02:34 | 000,002,433 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Batch Ripper.dat

[2011/05/24 10:37:25 | 000,002,854 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat

[2011/04/25 15:56:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/03/26 09:27:36 | 000,001,833 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat

[2011/03/26 09:27:31 | 000,001,213 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Wave64 Codec.dat

[2011/03/26 09:27:25 | 000,002,217 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat

[2011/03/26 09:27:21 | 000,011,462 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat

[2011/03/26 09:26:56 | 000,002,997 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp WavPack Codec.dat

[2011/03/26 09:26:47 | 000,003,054 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat

[2011/03/26 09:26:29 | 000,003,096 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat

[2011/03/26 09:26:20 | 000,002,976 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat

[2011/03/26 09:26:11 | 000,002,832 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat

[2011/03/26 09:25:20 | 000,012,485 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat

[2011/03/26 09:25:06 | 003,835,624 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe

[2011/02/11 15:13:15 | 000,081,737 | ---- | C] () -- C:\WINDOWS\hpqins13.dat

[2011/02/08 20:23:24 | 000,000,053 | ---- | C] () -- C:\WINDOWS\DVDFab.INI

[2011/02/08 16:58:39 | 000,239,702 | ---- | C] () -- C:\WINDOWS\hpwins05.dat

[2011/02/08 16:58:39 | 000,003,111 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat

[2011/01/18 10:17:21 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2011/01/12 23:22:01 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI

[2010/09/21 08:10:32 | 000,192,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\ArcSec.sys

[2010/06/24 23:43:05 | 000,003,716 | R--- | C] () -- C:\WINDOWS\System32\drivers\V0230FwH.bin

[2010/06/24 23:43:05 | 000,003,716 | R--- | C] () -- C:\WINDOWS\System32\drivers\V0230FwF.bin

[2010/06/17 14:00:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/05/24 19:55:44 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/05/24 19:26:52 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\winscp.rnd

[2010/05/21 05:53:44 | 000,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/04/24 12:50:37 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2010/04/24 12:50:37 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2010/04/24 12:49:58 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2010/04/24 12:49:58 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2010/04/24 12:49:56 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2010/03/15 12:29:37 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

[2010/03/12 22:35:50 | 000,696,832 | ---- | C] () -- C:\WINDOWS\is-77VKD.exe

[2010/03/12 13:44:17 | 000,012,508 | -HS- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\e47O

[2010/03/09 21:26:31 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc

[2010/03/09 20:42:48 | 000,000,385 | ---- | C] () -- C:\WINDOWS\{2158ED55-19D1-4C0C-B213-5EFF748248AC}_WiseFW.ini

[2009/11/26 12:50:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/09/17 05:46:09 | 000,000,137 | -H-- | C] () -- C:\Documents and Settings\Mark\Application Data\lakerda1967.sys

[2009/09/17 05:45:50 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\docXConverter (3).ini

[2009/08/19 14:42:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SfwIFmt.dll

[2009/08/19 14:39:53 | 000,001,132 | ---- | C] () -- C:\WINDOWS\PODW.INI

[2009/08/06 15:23:06 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\$_hpcst$.hpc

[2009/07/29 14:28:46 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2009/07/23 10:56:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/07/02 12:33:58 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\default.rss

[2009/07/02 12:33:47 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/06/27 08:53:13 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\archlp.sys

[2009/05/28 17:35:54 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll

[2009/05/28 12:07:34 | 000,000,352 | ---- | C] () -- C:\WINDOWS\lgfwup.ini

[2009/05/26 20:59:38 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\pcouffin.cat

[2009/05/26 20:59:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\pcouffin.inf

[2009/05/19 07:03:16 | 000,116,842 | ---- | C] () -- C:\WINDOWS\hpqins00.dat

[2009/05/08 11:13:52 | 000,239,774 | ---- | C] () -- C:\WINDOWS\hpwins05.dat.temp

[2009/05/08 11:13:52 | 000,003,111 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat.temp

[2009/05/03 13:10:50 | 000,071,376 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/04/20 18:57:35 | 000,054,941 | ---- | C] () -- C:\WINDOWS\War3Unin.dat

[2009/04/18 18:51:11 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/04/17 13:57:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009/04/16 12:02:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL

[2009/04/15 18:26:10 | 000,016,050 | ---- | C] () -- C:\WINDOWS\hpwscr05.dat

[2009/04/15 18:11:24 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2009/04/15 18:10:33 | 000,000,756 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2009/04/14 22:26:18 | 000,000,441 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI

[2009/04/12 16:15:11 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/04/12 08:05:40 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2009/04/12 08:05:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL

[2009/04/12 08:05:40 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2009/04/11 16:28:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/04/11 16:25:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/04/11 09:03:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/04/11 09:03:02 | 000,313,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/01/14 15:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll

[2007/10/04 16:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/05/22 18:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

[2006/08/11 13:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL

[2006/08/11 13:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE

[2006/08/11 13:49:24 | 000,323,640 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2006/08/11 13:49:24 | 000,044,567 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat

[2006/08/11 13:45:18 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE

[2006/08/11 13:45:08 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat

[2006/08/11 13:43:26 | 000,265,042 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat

[2006/08/11 13:43:20 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT

[2006/08/11 13:43:18 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT

[2006/08/11 13:43:04 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat

[2006/08/11 13:43:04 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat

[2006/08/11 13:43:02 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE

[2006/05/23 11:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

[2005/08/26 13:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe

[2005/08/26 13:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe

[2005/08/26 13:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe

[2005/06/16 17:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL

[2004/08/04 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/04 04:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 04:00:00 | 000,481,500 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 04:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 04:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2004/08/04 04:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2004/08/04 04:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2004/08/04 04:00:00 | 000,084,566 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 368 bytes -> C:\Documents and Settings\Mark\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63

< End of report >


Hi, please let me know if the problem still occurs after the following fix.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :otl
    IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
    IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
    O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
    O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: novastor.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: novastor.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click the OK button.
  6. A report will open. Copy and Paste that report in your next reply.


My IE is still opening other windows to random websites.

All processes killed

========== OTL ==========

HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cleverreach.com\novastor\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google-analytics.com\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\novastor.com\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\novastor.com\ not found.

Registry key HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.MYPC

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 3026 bytes

User: Mark

->Temp folder emptied: 219663870 bytes

->Temporary Internet Files folder emptied: 224197907 bytes

->Java cache emptied: 37045751 bytes

->FireFox cache emptied: 51339433 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 60753811 bytes

User: NeroMediaHomeUser.4

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 560680883 bytes

->Java cache emptied: 185992 bytes

->Flash cache emptied: 68904 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3952928 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 117713595 bytes

Total Files Cleaned = 1,217.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12132011_082002

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Mark\Local Settings\Temp\Perflib_Perfdata_11c0.dat not found!

C:\Documents and Settings\Mark\Local Settings\Temp\WCESLog.log moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\QADOZYLO\launch[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\QADOZYLO\topbuttons[1].xml moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\QADOZYLO\view[1].html moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\HZLXV7XS\01[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\HZLXV7XS\data_sync[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\HZLXV7XS\iframe3[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\HZLXV7XS\iframe3[2].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\HZLXV7XS\sponsor_livequotes;sym=NVDA;u=^^;sz=288x40;tile=1;ord=88065114[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\BWY54X0V\blank[1].html moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\BWY54X0V\controller[1].html moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\BWY54X0V\hub[1].html moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\B38I6THO\aceUAC[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\B38I6THO\like[2].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\B38I6THO\like[3].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\B38I6THO\like[4].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\B38I6THO\like[5].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\B38I6THO\tech-stocks-hit-as-intel-warns-on-sales-2011-12-12[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\4455[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\likeCA4JPRAD.htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[10].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[11].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[2].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[3].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[4].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[5].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[6].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[7].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[8].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[9].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\ping[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\search[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\st[1] moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\6LWTULWJ\ext-render-secure[2].html moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\6LWTULWJ\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\6LWTULWJ\yimapp[1].html moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\4FK2M1FY\st[1] moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\de[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\fc[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\index[1].php moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\login_status[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\markets_peekaboo;u=^^;sz=234x31;tile=1;ord=1111907664[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\re[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\re[2].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\st[1] moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\tech_column;pos=1;u=^^;sz=288x40;tile=10;ord=1111907664[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\tech_column;pos=2;u=^^;sz=288x40;tile=11;ord=1111907664[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\tech_column;pos=3;u=^^;sz=288x40;tile=12;ord=1111907664[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\tech_column;pos=4;u=^^;sz=288x40;tile=13;ord=1111907664[1].htm moved successfully.

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\tech_column;pos=5;u=^^;sz=288x40;tile=14;ord=1111907664[1].htm moved successfully.

Registry entries deleted on Reboot...


I noticed my CPU utilization was jumping even though I wasn't really doing anything. I checked my processes and there is a process "ping.exe" that is using up some of the CPU bandwidth. I did a search on the web and apparently there is a ping.exe virus? I tried killing the process but it comes back. Any idea how to get rid of this?


ping.exe can be malware, but it depends on the location. If it is in c:\windows\system32\ping.exe, there is nothing to worry about; that is the default, legitimate Windows file. :)

Did you manage to disable the IE add ons and were you able to determine if any caused the redirects?

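The location check above is the first thing to do; a practitioner would also look at what spawned the process, since a genuine System32 ping.exe can be driven by malware running from a user profile. The Python script below is an added example for this point, not code from this thread or from any of the tools discussed in it. It reads a process snapshot whose layout loosely follows `wmic process get ProcessId,ParentProcessId,Name,ExecutablePath /format:csv` (real wmic output adds a leading Node column and a blank first line, so adjust the parser before feeding it real output) and flags three things: a process carrying a Windows binary's name but running outside that binary's expected path, a process whose image lives under a user-writable profile directory, and a genuine system binary whose parent lives in such a directory. The snapshot rows, the PIDs and the process name kqwe.exe are constructed for the example.

```python
import csv
import io

# Constructed process snapshot for this example (not taken from the thread).
# Layout loosely follows
#   wmic process get ProcessId,ParentProcessId,Name,ExecutablePath /format:csv
SNAPSHOT = r"""
ProcessId,ParentProcessId,Name,ExecutablePath
4,0,System,
612,4,smss.exe,C:\WINDOWS\system32\smss.exe
700,612,winlogon.exe,C:\WINDOWS\system32\winlogon.exe
744,700,services.exe,C:\WINDOWS\system32\services.exe
1004,744,svchost.exe,C:\WINDOWS\system32\svchost.exe
1568,700,explorer.exe,C:\WINDOWS\Explorer.EXE
2216,1568,kqwe.exe,C:\Documents and Settings\Mark\Local Settings\Application Data\kqwe.exe
2300,2216,ping.exe,C:\WINDOWS\System32\ping.exe
2412,1568,ping.exe,C:\Documents and Settings\Mark\Local Settings\Temp\ping.exe
2500,1568,cmd.exe,C:\WINDOWS\system32\cmd.exe
2544,2500,ping.exe,C:\WINDOWS\System32\ping.exe
"""

# Where these Windows XP binaries are expected to live (lower-case, default install).
EXPECTED_PATH = {
    "ping.exe": r"c:\windows\system32\ping.exe",
    "svchost.exe": r"c:\windows\system32\svchost.exe",
    "cmd.exe": r"c:\windows\system32\cmd.exe",
    "explorer.exe": r"c:\windows\explorer.exe",
    "smss.exe": r"c:\windows\system32\smss.exe",
    "winlogon.exe": r"c:\windows\system32\winlogon.exe",
    "services.exe": r"c:\windows\system32\services.exe",
}

# Directory fragments a limited user can write to; a drive-by download
# usually drops its executable in one of these.
USER_WRITABLE = (
    r"\documents and settings",
    r"\local settings",
    r"\application data",
    r"\temp",
    r"\recycler",
)


def norm(path):
    """Lower-case the path and unify separators so comparisons are exact."""
    return path.strip().lower().replace("/", "\\")


def parse_snapshot(text):
    """Return {pid: {pid, ppid, name, path}} from the CSV snapshot."""
    procs = {}
    for row in csv.DictReader(io.StringIO(text.strip())):
        pid = int(row["ProcessId"])
        procs[pid] = {
            "pid": pid,
            "ppid": int(row["ParentProcessId"]),
            "name": row["Name"].strip().lower(),
            "path": norm(row["ExecutablePath"] or ""),
        }
    return procs


def in_user_writable(path):
    return any(frag in path for frag in USER_WRITABLE)


def triage(procs):
    """Return (pid, name, finding, detail) tuples, ordered by pid."""
    findings = []
    for p in sorted(procs.values(), key=lambda x: x["pid"]):
        expected = EXPECTED_PATH.get(p["name"])
        # A known Windows binary name running from somewhere else is a masquerade.
        if expected is not None and p["path"] != expected:
            findings.append((p["pid"], p["name"], "wrong-location", p["path"]))
            continue
        # Anything executing from a profile/temp directory deserves a look.
        if expected is None and in_user_writable(p["path"]):
            findings.append((p["pid"], p["name"], "runs-from-user-profile", p["path"]))
            continue
        # The binary is genuine, but who started it? (PID reuse can mislead
        # here; confirm against process start times on a live system.)
        parent = procs.get(p["ppid"])
        if expected is not None and parent and in_user_writable(parent["path"]):
            findings.append((p["pid"], p["name"], "spawned-from-user-profile",
                             f"parent {parent['pid']} {parent['path']}"))
    return findings


if __name__ == "__main__":
    for pid, name, kind, detail in triage(parse_snapshot(SNAPSHOT)):
        print(f"{pid:>6} {name:<14} {kind:<26} {detail}")
```

On the constructed snapshot the genuine ping.exe (PID 2300) is reported not because of its path but because its parent runs from Local Settings\Application Data, which is the case the simple location test misses; the copy in Temp (PID 2412) is the straightforward masquerade, and the ping.exe started from cmd.exe is left alone.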

I disabled all add-ons in IE and I am still getting redirected. I also did some more browsing in Firefox and am also getting redirected to advertisement sites.

I ran the ESET online virus checker. The first time it found viruses but stalled without completing. I then ran it a second time; it found viruses and completed, but was unable to clean everything:

"C:\WINDOWS\system32\drivers\mrxsmb.sys Win32/Sirefef.DA trojan unable to clean

Operating memory multiple threats"

Here are both logs starting with the first:

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\13\16431a4d-50d8eb75 Java/Exploit.CVE-2011-3544.F trojan deleted - quarantined

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\24\762072d8-2fa85b8e Java/Exploit.CVE-2011-3544.F trojan deleted - quarantined

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\27\6584d6db-20ba10fe Java/Agent.DY trojan deleted - quarantined

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\6\539bac06-5aec0e7d Java/Agent.DY trojan deleted - quarantined

C:\dwld\Android Applications Sep 2010\Applications.rar multiple threats deleted - quarantined

C:\dwld\Android Part Two\Apps\z4root_(1.3.0).apk Android/Exploit.RageCage.A trojan deleted - quarantined

Here is the second log which completed (100% scan):

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP100\A0018531.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP100\A0019531.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP101\A0020532.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP101\A0021531.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP101\A0022753.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP102\A0022783.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP102\A0023783.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP103\A0024067.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP103\A0025067.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP103\A0026067.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP105\A0026473.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP107\A0026527.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP108\A0026595.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP111\A0027595.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP98\A0014419.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP98\A0015419.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP99\A0015473.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP99\A0015503.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP99\A0016502.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP99\A0017502.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\drivers\mrxsmb.sys Win32/Sirefef.DA trojan unable to clean

Operating memory multiple threats

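The two ESET logs above contain findings of different kinds, and each kind calls for a different action. The Python script below is an added example, not an ESET tool and not part of the thread: it parses the log lines as quoted above (the sample text is the thread's own log, one finding per line) into path, threat name and action, groups the findings by where the file lives, and lists the live Windows files that must be replaced rather than deleted. The category names and function names are this example's own.

```python
import re
from collections import Counter

# Sample input: the two ESET log excerpts quoted in this thread.
ESET_LOG = r"""
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\13\16431a4d-50d8eb75 Java/Exploit.CVE-2011-3544.F trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\24\762072d8-2fa85b8e Java/Exploit.CVE-2011-3544.F trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\27\6584d6db-20ba10fe Java/Agent.DY trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\6\539bac06-5aec0e7d Java/Agent.DY trojan deleted - quarantined
C:\dwld\Android Applications Sep 2010\Applications.rar multiple threats deleted - quarantined
C:\dwld\Android Part Two\Apps\z4root_(1.3.0).apk Android/Exploit.RageCage.A trojan deleted - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP100\A0018531.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP100\A0019531.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP101\A0020532.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP101\A0021531.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP101\A0022753.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP102\A0022783.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP102\A0023783.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP103\A0024067.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP103\A0025067.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP103\A0026067.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP105\A0026473.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP107\A0026527.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP108\A0026595.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP111\A0027595.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP98\A0014419.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP98\A0015419.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP99\A0015473.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP99\A0015503.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP99\A0016502.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C6C4B482-C7EA-4B74-A10F-7986DDA0628E}\RP99\A0017502.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\mrxsmb.sys Win32/Sirefef.DA trojan unable to clean
Operating memory multiple threats
"""

# <path> <threat> [<action>]; the path may contain spaces, so it is matched
# non-greedily and anchored by the threat/action vocabulary seen in the log.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<threat>\S+ trojan|multiple threats)"
    r"(?: (?P<action>deleted - quarantined|cleaned by deleting - quarantined|unable to clean))?$"
)
RP_RE = re.compile(r"\\rp(\d+)\\", re.IGNORECASE)


def classify(path):
    """Bucket a detection by where the file lives; the bucket decides the response."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"       # System Restore snapshot of an infected file
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"          # exploit payload that was served to the browser
    if p.startswith("c:\\windows\\"):
        return "live-system-file"    # an OS file: replace, never delete
    if p == "operating memory":
        return "memory"
    return "user-file"


def parse_eset_log(text):
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised ESET log line: {line!r}")
        e = m.groupdict()
        e["category"] = classify(e["path"])
        entries.append(e)
    return entries


def summarize(entries):
    return dict(Counter(e["category"] for e in entries))


def restore_point_span(entries):
    """(lowest, highest) restore-point number holding an infected copy, or None."""
    nums = []
    for e in entries:
        if e["category"] == "restore-point":
            m = RP_RE.search(e["path"])
            if m:
                nums.append(int(m.group(1)))
    return (min(nums), max(nums)) if nums else None


def replacement_candidates(entries):
    """Live OS files flagged by the scanner; these need a clean copy, not deletion."""
    return [e for e in entries if e["category"] == "live-system-file"]


if __name__ == "__main__":
    found = parse_eset_log(ESET_LOG)
    print(summarize(found))
    print("infected copies in restore points", restore_point_span(found))
    for e in replacement_candidates(found):
        print("REPLACE:", e["path"], "|", e["threat"], "|", e["action"])
```

Run on the thread's log, the summary separates four quarantined Java cache entries (the exploit that delivered the infection), two quarantined downloads, twenty restore-point copies of the infected driver covering RP98 through RP111 (so System Restore cannot roll this back), one in-memory detection, and exactly one live Windows file, mrxsmb.sys, which the scanner could not clean and which should be restored from a clean copy rather than deleted.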

Yikes! The situation just got a WHOLE lot worse. I just received a call from my credit card company that a fraudulent charge of $1,700 was made in an Apple store in Alberta, Canada! I am pretty sure this is a result of me making a purchase online on the infected computer. I just got this card because my previous card also had a fraudulent charge, probably also because of a purchase on the same computer. I am no longer entering any financial data on this computer until I am confident it is clean.

I tried running ComboFix again. I downloaded it and saved it to the desktop under a different file name. This time it stalled while trying to reboot. I had to hard-reset the computer. I booted into safe mode with no networking support. A ComboFix window opened saying it was preparing a log report. It did produce a log file, which I will post shortly.

Also, I ran ESET online; it says that the machine is infected with the Win32/Sirefef.DA trojan. One of the files in the system32 folder it said it could not delete. However, I was able to manually delete it and empty the recycle bin. The ComboFix report was run after this.


This is indeed also the reason I gave you the backdoor warning in my first reply. Unfortunately these things happen and I hope you were able to block the transfer. If you have not done so, change any passwords for mail accounts and similar using a clean computer.

Do you remember what file was detected by ESET? Sirefef-infected files should not be deleted; instead they need to be replaced. These files are usually necessary for Windows to function.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9100:TCP"=-

Driver::
nnyatg

File::
c:\windows\system32\drivers\srdnayo.sys


Save this as CFScript.txt, in the same location as ComboFix.exe

(Image: CFScriptB-4.gif)

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

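Replacing rather than deleting an infected Windows file means comparing the copy on disk with a known-good reference, putting the reference back, and keeping the modified file for analysis instead of destroying it. The Python script below is an added example of that procedure, not ComboFix's own logic and not part of this thread. It assumes a reference copy such as the one Windows File Protection keeps in %SystemRoot%\System32\dllcache (the paths passed in are hypothetical), compares SHA-256 hashes, optionally checks the reference copy itself against a hash taken from install media, and moves the modified driver into a quarantine directory before copying the clean file into place. The demo() function exercises it on temporary files with constructed contents standing in for the driver.

```python
import hashlib
import os
import shutil
import tempfile
import time


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_driver(live_path, cache_path, known_good_sha256=None):
    """Compare the driver on disk with its reference copy.

    Returns 'no-cache' (nothing to compare against), 'cache-untrusted' (the
    reference copy does not match the hash you obtained from install media),
    'match' or 'modified'.
    """
    if not os.path.isfile(cache_path):
        return "no-cache"
    cache_hash = sha256_file(cache_path)
    if known_good_sha256 and cache_hash != known_good_sha256.lower():
        return "cache-untrusted"
    return "match" if sha256_file(live_path) == cache_hash else "modified"


def quarantine_and_replace(live_path, cache_path, quarantine_dir):
    """Move the modified driver into quarantine_dir under a non-executable
    name (so it survives for analysis) and copy the reference file into its
    place. Returns the quarantined path."""
    os.makedirs(quarantine_dir, exist_ok=True)
    stamp = time.strftime("%Y%m%d_%H%M%S")
    quarantined = os.path.join(quarantine_dir,
                               f"{os.path.basename(live_path)}.{stamp}.vir")
    shutil.move(live_path, quarantined)
    shutil.copy2(cache_path, live_path)
    return quarantined


def demo():
    """Self-contained exercise on temporary files; the byte strings are
    constructed stand-ins, not a real driver image."""
    clean = b"MZ clean driver image (constructed)"
    patched = clean + b" injected code (constructed)"
    with tempfile.TemporaryDirectory() as root:
        live = os.path.join(root, "drivers", "mrxsmb.sys")
        cache = os.path.join(root, "dllcache", "mrxsmb.sys")
        os.makedirs(os.path.dirname(live))
        os.makedirs(os.path.dirname(cache))
        with open(cache, "wb") as f:
            f.write(clean)
        with open(live, "wb") as f:
            f.write(patched)
        results = {"before": check_driver(live, cache)}
        # A deliberately wrong "known good" hash shows the reference copy being rejected.
        results["untrusted"] = check_driver(live, cache, "00" * 32)
        q = quarantine_and_replace(live, cache, os.path.join(root, "quarantine"))
        results["after"] = check_driver(live, cache, sha256_file(cache))
        results["quarantined_hash"] = sha256_file(q)
        results["patched_hash"] = hashlib.sha256(patched).hexdigest()
        results["missing"] = check_driver(live, os.path.join(root, "nope.sys"))
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:<16} {v}")
```

Two caveats apply on a real machine. A driver that is loaded cannot be overwritten from the running system, and a kernel-mode component can misreport what is on disk, so run a replacement like this from boot media or the Recovery Console rather than from the infected Windows session. The dllcache copy can also be absent or belong to an older service pack, which is why the function accepts a hash from install media and refuses to use a reference copy that does not match it.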
