I guess I should have put the txt files in the body of the message...oops

Here you go

.

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

100% Free Euchre 7.40

1500

1500_Help

1500Trb

Acrobat.com

Adobe Acrobat 5.0

Adobe AIR

Adobe Reader X (10.0.1)

AFPL Ghostscript Fonts

AiO_Scan

AiOSoftware

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

Audacity 1.2.6

AutoUpdate

Backblaze

BlackBerry Desktop Software 6.1

BufferChm

Compatibility Pack for the 2007 Office system

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

Critical Update for Windows Media Player 11 (KB959772)

Delete Duplicate Files 2.9

Destinations

Device Doctor v2.1

DeviceManagementQFolder

DivX

DocProc

DVD Show

DVD Solution

eSupportQFolder

F-Secure PSC Prerequisites

Fax

File Type Assistant

FinalTorrent 2011

GdiplusUpgrade

getPlus®_ocx

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Google Web Accelerator

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format SDK (KB902344)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Imaging Device Functions 5.3

HP Photosmart Essential

HP PSC & OfficeJet 5.3.B

HP Software Update

HP Solution Center & Imaging Support Tools 5.3

HPProductAssistant

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 7

J2SE Runtime Environment 5.0 Update 9

Java Auto Updater

Java 6 Update 2

Java 6 Update 29

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

JetSuite Pro for the HP LaserJet 3150

LG ODD Auto Firmware Update

LightScribe 1.4.74.1

Linksys EasyLink Advisor 1.5 (1044)

Lizardtech DjVu Control (autoinstall)

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Default Manager

Microsoft IntelliPoint 5.2

Microsoft IntelliType Pro 5.2

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Outlook Personal Folders Backup

Microsoft Silverlight

Microsoft UI Engine

Microsoft User-Mode Driver Framework Feature Pack 1.9

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC100_CRT_SP1_x86

MozyHome Remote Backup

MSVC80_x86_v2

MSVC90_x86

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB925673)

Multimedia Launcher

NewCopy

Nikon Message Center 2

Nitro PDF Professional

Nokia Connectivity Cable Driver

Nokia PC Internet Access

Nokia PC Suite

Nokia Suite

NVIDIA Control Panel 285.58

NVIDIA Graphics Driver 285.58

NVIDIA Install Application

office Convert Pdf to Jpg Jpeg Tiff Free 6.4

OGA Notifier 2.0.0048.0

Olympus Digital Wave Player

OpenOffice.org Installer 1.0

PC Connectivity Solution

Picasa 3

Picture Control Utility

PictureProject

PictureProject In Touch Downloader 1.0

PowerDVD

PowerProducer

ProductContext

Quicken 2009

QuickTime

Readme

RealPlayer

Realtek AC'97 Audio

Revo Uninstaller 1.75

Scan

ScannerCopy

SCRABBLE

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2124261)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2290570)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB913433)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB970483)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SiS 900 PCI Fast Ethernet Adapter Driver

SolutionCenter

Status

System Requirements Lab

Total Annihilation

TrayApp

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

ViewNX 2

WebEx

WebEx Support Manager for Internet Explorer

WebFldrs XP

WebReg

Windows Driver Package - Nokia Modem (02/25/2011 4.7)

Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live ID Sign-in Assistant

Windows Media Connect

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 11

Windows Presentation Foundation

Windows Rights Management Client Backwards Compatibility SP2

Windows Rights Management Client with Service Pack 2

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

ZoomTown Internet Security

ZoomTown Software

.

==== End Of File ===========================

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by bdm at 13:38:04 on 2012-02-04

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://cincymls.net/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\ztinternetsecurity\nrs\iescript\baselitmus.dll

TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\ztinternetsecurity\nrs\iescript\baselitmus.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll

uRun: [backblaze] "c:\program files\backblaze\bzbui.exe" -quiet

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [F-Secure Manager] "c:\program files\ztinternetsecurity\common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "c:\program files\ztinternetsecurity\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

dRun: [backblaze] "c:\program files\backblaze\bzbui.exe" -quiet

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hplase~1.lnk - c:\jetsuite\JETSTAT.EXE

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: c:\program files\ztinternetsecurity\fsps\program\FSLSP.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.200.1

TCP: Interfaces\{5339B1B0-5718-40BA-8267-43F5516AA1AB} : DhcpNameServer = 192.168.200.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-02-03 23:16:43 -------- d-sha-r- C:\cmdcons

2012-02-03 00:17:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-02 22:41:27 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-02-02 22:41:27 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-01 15:15:15 -------- d-----w- c:\windows\tmp

2012-01-31 08:16:38 -------- d-----w- C:\USMT2.UNC

2012-01-27 00:13:34 -------- d-----w- c:\documents and settings\bdm\application data\Nuance

2012-01-27 00:12:52 -------- d-----w- c:\documents and settings\bdm\application data\FLEXnet

2012-01-27 00:05:53 -------- d-----w- c:\program files\Nuance

2012-01-27 00:05:53 -------- d-----w- c:\documents and settings\all users\application data\Nuance

2012-01-26 22:47:19 -------- d-----w- c:\program files\Skype

2012-01-16 13:27:03 -------- d-----w- c:\program files\common files\PCSuite

2012-01-16 13:26:19 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2012-01-16 13:26:09 -------- d-----w- c:\program files\PC Connectivity Solution

2012-01-16 13:25:38 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2012-01-16 13:25:37 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2012-01-16 13:25:36 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2012-01-16 13:25:35 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2012-01-07 20:23:13 215920 ----a-w- c:\windows\system32\muweb.dll

2012-01-07 00:30:24 -------- d-----w- C:\lj628

2012-01-06 18:36:24 -------- d-----w- c:\documents and settings\bdm\application data\FinalTorrent

2012-01-06 16:51:13 -------- d-----w- c:\program files\File Type Assistant

2012-01-06 16:48:16 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2012-01-06 16:47:44 -------- d-----w- c:\program files\FinalTorrent

2012-01-06 00:34:38 -------- d-----w- c:\documents and settings\bdm\application data\WinBatch

2012-01-06 00:19:08 -------- d-----w- c:\program files\Silicon Integrated Systems

2012-01-05 23:33:34 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation

2012-01-05 23:33:14 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2012-01-05 23:33:05 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-01-05 23:33:05 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-01-05 23:33:05 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-01-05 23:31:50 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-01-05 23:31:49 877376 ----a-w- c:\windows\system32\nvgenco32.dll

2012-01-05 23:31:48 919872 ----a-w- c:\windows\system32\nvdispco32.dll

2012-01-05 23:31:47 5595136 ----a-w- c:\windows\system32\nvcuda.dll

2012-01-05 23:31:47 2398016 ----a-w- c:\windows\system32\nvcuvid.dll

2012-01-05 23:31:47 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-01-05 23:31:47 17240064 ----a-w- c:\windows\system32\nvcompiler.dll

2012-01-05 23:31:21 -------- d-----w- c:\program files\NVIDIA Corporation

2012-01-05 23:30:29 -------- d-----w- C:\NVIDIA

2012-01-05 23:25:34 -------- d-----w- c:\program files\SystemRequirementsLab

2012-01-05 21:52:29 -------- d-----w- c:\documents and settings\bdm\application data\Device Doctor

2012-01-05 21:51:40 -------- d-----w- c:\program files\Device Doctor

2012-01-05 19:57:51 -------- d-----w- c:\windows\system32\DRM

.

==================== Find3M ====================

.

2012-01-13 13:42:49 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-01-13 13:29:15 80080 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2012-01-06 00:13:52 48128 ----a-w- c:\windows\system32\drivers\SiSRaid.sys

2012-01-06 00:13:51 135168 ----a-w- c:\windows\system32\property.dll

2012-01-06 00:02:50 32768 ----a-w- c:\windows\system32\drivers\sisnicxp.sys

2011-12-29 16:06:12 106496 ----a-w- c:\windows\system32\ATL71.DLL

2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll

2004-10-01 19:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

============= FINISH: 13:41:10.53 ===============


Hi,

My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download OTL to your Desktop.

  • Double click on the icon to run it.
  • Under the Custom.jpg box paste this in


activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.

Please download Gmer from here and save it to your Desktop.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please post in your next reply

OTL.txt

Extras.txt

ark.txt


Hello,

Thank you for the help!

1) Ran OTL; report is below.

2) Tried to run GMER.exe but it locked up on me.

3) Tried to run GMER.exe in safe mode but it locked up on me.

OTL logfile created on: 2/5/2012 11:01:52 AM - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\bdm\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.61% Memory free

3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.83% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 33.80 Gb Free Space | 45.36% Space Free | Partition Type: NTFS

Drive E: | 931.51 Gb Total Space | 931.42 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Drive F: | 232.88 Gb Total Space | 120.72 Gb Free Space | 51.84% Space Free | Partition Type: NTFS

Drive G: | 74.52 Gb Total Space | 24.75 Gb Free Space | 33.21% Space Free | Partition Type: NTFS

Computer Name: BRIANHOM-4E079B | User Name: bdm | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/05 11:01:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bdm\My Documents\Downloads\OTL (3).exe

PRC - [2012/01/16 20:09:12 | 000,495,400 | ---- | M] () -- C:\Program Files\Backblaze\bzbui.exe

PRC - [2012/01/16 20:09:11 | 000,211,240 | ---- | M] () -- C:\Program Files\Backblaze\bzserv.exe

PRC - [2012/01/13 08:40:17 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Ztinternetsecurity\Anti-Virus\fsav32.exe

PRC - [2012/01/13 08:29:15 | 000,522,928 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Ztinternetsecurity\FWES\program\fsdfwd.exe

PRC - [2012/01/13 08:29:10 | 000,219,824 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Ztinternetsecurity\Anti-Virus\fsgk32st.exe

PRC - [2012/01/13 08:29:08 | 000,199,344 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Ztinternetsecurity\Common\FSM32.EXE

PRC - [2012/01/13 08:29:08 | 000,187,056 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Ztinternetsecurity\Common\FSMA32.EXE

PRC - [2012/01/13 08:29:08 | 000,088,752 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Ztinternetsecurity\Common\FSHDLL32.EXE

PRC - [2011/12/16 11:04:38 | 001,508,408 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

PRC - [2011/11/30 16:12:40 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

PRC - [2011/11/30 16:12:22 | 000,173,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

PRC - [2011/11/30 16:12:14 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

PRC - [2011/09/08 06:26:09 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Ztinternetsecurity\Anti-Virus\fssm32.exe

PRC - [2011/09/08 06:26:09 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Ztinternetsecurity\Anti-Virus\fsgk32.exe

PRC - [2011/05/23 05:28:29 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Ztinternetsecurity\ORSP Client\fsorsp.exe

PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [1999/10/19 16:03:10 | 000,065,024 | ---- | M] (eFax.com) -- c:\jetsuite\jsfman.exe

PRC - [1999/10/13 12:15:12 | 000,147,456 | ---- | M] (eFax.com) -- C:\jetsuite\JETSTAT.EXE

PRC - [1999/09/22 10:48:52 | 000,045,056 | ---- | M] (JetFax, Inc.) -- c:\jetsuite\JSDAEMON.EXE

========== Modules (No Company Name) ==========

MOD - [2012/01/16 20:09:12 | 000,495,400 | ---- | M] () -- C:\Program Files\Backblaze\bzbui.exe

MOD - [2012/01/16 20:09:11 | 000,211,240 | ---- | M] () -- C:\Program Files\Backblaze\bzserv.exe

MOD - [2012/01/13 08:29:29 | 000,236,208 | ---- | M] () -- \\?\c:\program files\ztinternetsecurity\hips\fsumi.dll

MOD - [2012/01/13 08:29:23 | 000,199,344 | ---- | M] () -- C:\Program Files\Ztinternetsecurity\Spam Control\fsas.dll

MOD - [2012/01/13 08:29:20 | 000,086,016 | ---- | M] () -- C:\Program Files\Ztinternetsecurity\FSGUI\strres.eng

MOD - [2012/01/13 08:29:18 | 000,551,600 | ---- | M] () -- C:\Program Files\Ztinternetsecurity\FSGUI\gres.dll

MOD - [2012/01/13 08:29:16 | 000,441,008 | ---- | M] () -- C:\Program Files\Ztinternetsecurity\FSGUI\about.dll

MOD - [2012/01/13 08:29:16 | 000,143,360 | ---- | M] () -- C:\Program Files\Ztinternetsecurity\FSGUI\flyerres.eng

MOD - [2012/01/13 08:29:16 | 000,088,752 | ---- | M] () -- C:\Program Files\Ztinternetsecurity\FSGUI\aboutres.dll

MOD - [2012/01/13 08:29:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Ztinternetsecurity\FSGUI\fsavures.eng

MOD - [2012/01/13 08:29:12 | 000,001,536 | ---- | M] () -- C:\Program Files\Ztinternetsecurity\FSPC\fspcfsm.eng

MOD - [2012/01/13 08:29:10 | 000,036,864 | ---- | M] () -- C:\Program Files\Ztinternetsecurity\Anti-Virus\fsavhres.eng

MOD - [2011/12/16 11:05:12 | 000,345,656 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll

MOD - [2011/12/16 11:05:10 | 000,282,168 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll

MOD - [2011/12/16 11:05:06 | 008,197,176 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll

MOD - [2011/12/16 11:05:04 | 002,302,008 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll

MOD - [2011/12/16 11:05:02 | 000,027,704 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll

MOD - [2011/12/16 11:05:00 | 000,202,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll

MOD - [2011/06/08 21:54:28 | 000,030,888 | ---- | M] () -- C:\Program Files\Ztinternetsecurity\Anti-Virus\minifilter\hashlib_x86.dll

MOD - [2010/09/21 09:54:32 | 000,768,712 | ---- | M] () -- C:\Program Files\Ztinternetsecurity\Anti-Virus\fm4av.dll

MOD - [2005/07/15 13:35:56 | 000,831,488 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (stllssvr)

SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)

SRV - File not found [Disabled | Stopped] -- -- (Roxio Upnp Server 9)

SRV - File not found [Disabled | Stopped] -- -- (Roxio UPnP Renderer 9)

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2012/01/16 20:09:11 | 000,211,240 | ---- | M] () [Auto | Running] -- C:\Program Files\Backblaze\bzserv.exe -- (bzserv)

SRV - [2012/01/13 08:29:15 | 000,522,928 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Ztinternetsecurity\FWES\Program\fsdfwd.exe -- (FSDFWD)

SRV - [2012/01/13 08:29:10 | 000,219,824 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Ztinternetsecurity\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)

SRV - [2012/01/13 08:29:08 | 000,187,056 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Ztinternetsecurity\Common\FSMA32.EXE -- (FSMA)

SRV - [2011/11/30 16:12:40 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2011/05/23 05:28:29 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Ztinternetsecurity\ORSP Client\fsorsp.exe -- (FSORSPClient)

SRV - [2008/07/02 18:25:02 | 000,208,896 | ---- | M] (Author: Brana Bujenovic) [Disabled | Stopped] -- C:\Program Files\Delete Duplicate Files\DDFS.exe -- (Delete Duplicate Files Scan on Schedule Service)

SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)

SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)

SRV - [2008/04/13 19:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)

SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [1999/09/22 10:48:52 | 000,045,056 | ---- | M] (JetFax, Inc.) [Auto | Running] -- c:\jetsuite\JSDAEMON.EXE -- (jsdaemon)

========== Driver Services (SafeList) ==========

DRV - [2012/01/13 08:42:49 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)

DRV - [2012/01/13 08:38:18 | 000,148,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Ztinternetsecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)

DRV - [2012/01/13 08:29:29 | 000,068,144 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Ztinternetsecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)

DRV - [2012/01/13 08:29:15 | 000,080,080 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)

DRV - [2012/01/05 19:13:52 | 000,048,128 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiSRaid.sys -- (SiSRaid)

DRV - [2012/01/05 19:02:50 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)

DRV - [2011/11/01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2011/11/01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)

DRV - [2007/03/01 09:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2006/04/07 16:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)

DRV - [2005/08/19 04:31:52 | 003,644,800 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/08/03 17:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2003/03/25 04:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)

DRV - [2002/10/17 02:14:46 | 000,049,024 | R--- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)

DRV - [2002/08/20 04:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)

DRV - [1999/09/22 10:48:52 | 000,173,880 | ---- | M] (JetFax, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\JSMUX.SYS -- (jsmux)

DRV - [1999/09/22 10:48:52 | 000,059,604 | ---- | M] (JetFax, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\JSFAX.SYS -- (jsfax)

DRV - [1999/09/22 10:48:52 | 000,056,672 | ---- | M] (JetFax, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\JSSCAN.SYS -- (jsscan)

DRV - [1999/09/22 10:48:52 | 000,050,352 | ---- | M] (JetFax, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\JSDBG.SYS -- (jsdbg)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0003002

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0003002

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\bdm\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\bdm\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Program Files\Ztinternetsecurity\NRS\litmus-ff@f-secure.com [2012/01/13 08:37:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fe_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2012/01/03 09:56:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2012/01/03 09:56:45 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: SweetIM Search (Enabled)

CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0003002

CHR - default_search_provider: suggest_url =

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\bdm\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\bdm\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\bdm\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\bdm\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Send using Gmail\u2122 (no button) = C:\Documents and Settings\bdm\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc\1.11.12.4_0\

CHR - Extension: Angry Birds = C:\Documents and Settings\bdm\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

CHR - Extension: YouTube Downloader = C:\Documents and Settings\bdm\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bgapjbbdaijoijbmhlpjhilaamenipao\11.0_0\

CHR - Extension: Screen Capture (by Google) = C:\Documents and Settings\bdm\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.3_0\

CHR - Extension: Default = C:\Documents and Settings\bdm\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\

CHR - Extension: Craigslist Helper = C:\Documents and Settings\bdm\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\naddbmiihfcdfaeencbcmbpioghcjlje\0.0.0.43_0\

O1 HOSTS File: ([2012/02/03 18:39:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Ztinternetsecurity\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Ztinternetsecurity\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll File not found

O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Ztinternetsecurity\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Ztinternetsecurity\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKCU..\Run: [backblaze] C:\Program Files\Backblaze\bzbui.exe ()

O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet 3150 Status.lnk = C:\jetsuite\JETSTAT.EXE (eFax.com)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Ztinternetsecurity\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Ztinternetsecurity\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Ztinternetsecurity\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Ztinternetsecurity\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5339B1B0-5718-40BA-8267-43F5516AA1AB}: DhcpNameServer = 192.168.200.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\bdm\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\bdm\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/06/02 22:06:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {0e8d0700-75df-11d3-8b4a-0008c7450c4a} - LizardTech DjVu Activex Control

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: Microsoft Base Smart Card Crypto Provider Package -

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "ose"

MsConfig - Services: "NVSvc"

MsConfig - Services: "nmservice"

MsConfig - Services: "mozybackup"

MsConfig - Services: "MDM"

MsConfig - Services: "LinksysUpdater"

MsConfig - Services: "LightScribeService"

MsConfig - Services: "Delete Duplicate Files Scan on Schedule Service"

MsConfig - Services: "WMPNetworkSvc"

MsConfig - Services: "stllssvr"

MsConfig - Services: "ServiceLayer"

MsConfig - Services: "RoxLiveShare9"

MsConfig - Services: "Roxio Upnp Server 9"

MsConfig - Services: "Roxio UPnP Renderer 9"

MsConfig - Services: "Pml Driver HPZ12"

MsConfig - Services: "wlidsvc"

MsConfig - StartUpFolder: C:^Documents and Settings^bdm^Start Menu^Programs^Startup^Memeo Launcher.lnk - - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Device Doctor - hkey= - key= - C:\Program Files\Device Doctor\DDLauncher.exe ()

MsConfig - StartUpReg: Nikon Message Center 2 - hkey= - key= - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)

MsConfig - StartUpReg: Nitro PDF Printer Monitor - hkey= - key= - C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()

MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found

MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

MsConfig - StartUpReg: RIMBBLaunchAgent.exe - hkey= - key= - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 2

MsConfig - State: "startup" - 2

CREATERESTOREPOINT

Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/02/05 10:26:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/02/05 00:09:51 | 004,684,080 | ---- | C] (SweetIM Technologies Ltd.) -- C:\Documents and Settings\bdm\Desktop\BundleSweetIMSetup.exe

[2012/02/04 20:03:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2012/02/04 19:48:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/02/04 19:48:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/02/04 19:48:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/02/04 19:48:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/02/04 19:48:32 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/02/04 19:48:29 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/02/03 18:16:43 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/02/03 18:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/02/03 08:23:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012/02/02 19:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/02 19:17:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/02/01 10:15:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp

[2012/01/31 03:16:38 | 000,000,000 | ---D | C] -- C:\USMT2.UNC

[2012/01/26 19:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bdm\Application Data\Nuance

[2012/01/26 19:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bdm\Application Data\FLEXnet

[2012/01/26 19:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance

[2012/01/26 19:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nuance

[2012/01/26 19:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet

[2012/01/26 17:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bdm\Application Data\Skype

[2012/01/26 17:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Skype

[2012/01/26 17:47:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype

[2012/01/16 08:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bdm\My Documents\Briefcase

[2012/01/16 08:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia PC Suite

[2012/01/16 08:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite

[2012/01/16 08:26:19 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys

[2012/01/16 08:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution

[2012/01/16 08:25:38 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys

[2012/01/16 08:25:37 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys

[2012/01/16 08:25:36 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys

[2012/01/16 08:25:35 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys

[2012/01/16 08:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia PC Internet Access

[2012/01/16 08:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations

[2012/01/13 08:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZoomTown Internet Security

[2012/01/06 19:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bdm\My Documents\My Downloads

[2012/01/06 19:30:24 | 000,000,000 | ---D | C] -- C:\lj628

[2012/01/06 13:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bdm\Application Data\FinalTorrent

[2012/01/06 11:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant

[2012/01/06 11:48:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin

[2012/01/06 11:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FinalTorrent

[2012/01/06 11:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\FinalTorrent

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/05 11:04:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8F4D6CD7-BB5D-4ED4-BC00-D805472D1C7B}.job

[2012/02/05 11:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/05 11:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/05 10:45:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2012/02/05 10:44:41 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\bdm\Desktop\Continue SweetIM Installation.lnk

[2012/02/05 10:41:27 | 000,010,785 | ---- | M] () -- C:\WINDOWS\JETSUITE.INI

[2012/02/05 10:39:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/02/05 10:39:03 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\FinalTorrent Update Checker.job

[2012/02/05 10:38:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/02/05 10:06:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1010UA.job

[2012/02/05 10:05:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1003UA.job

[2012/02/05 00:16:53 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job

[2012/02/05 00:10:02 | 004,684,080 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Documents and Settings\bdm\Desktop\BundleSweetIMSetup.exe

[2012/02/04 19:06:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1010Core.job

[2012/02/04 17:05:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1003Core.job

[2012/02/03 18:39:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/02/03 18:16:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012/02/02 19:17:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/02 18:00:49 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\bdm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/02/02 15:55:32 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\bdm\Local Settings\Application Data\FASTWiz.html

[2012/02/02 15:55:32 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\bdm\Local Settings\Application Data\FASTApp.html

[2012/02/02 00:23:40 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/01/29 14:58:16 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT

[2012/01/29 11:21:46 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\bdm\Application Data\SAS7_000.DAT

[2012/01/16 09:05:03 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\bdm\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

[2012/01/16 08:27:09 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk

[2012/01/16 08:16:55 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Internet Access.lnk

[2012/01/16 07:57:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2012/01/13 09:53:37 | 000,049,588 | ---- | M] () -- C:\Documents and Settings\bdm\Desktop\2059f18606899f5343bde7096b62e57e.jpg

[2012/01/13 08:42:49 | 000,042,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys

[2012/01/13 08:33:30 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomTown Internet Security.lnk

[2012/01/13 08:29:15 | 000,080,080 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys

[2012/01/11 14:02:37 | 000,494,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/01/11 14:02:37 | 000,089,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/01/11 03:27:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/01/07 21:28:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/01/06 11:48:00 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\bdm\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalTorrent.lnk

[2012/01/06 11:48:00 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\bdm\Desktop\FinalTorrent.lnk

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/05 00:11:55 | 000,001,005 | ---- | C] () -- C:\Documents and Settings\bdm\Desktop\Continue SweetIM Installation.lnk

[2012/02/04 19:48:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/02/04 19:48:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/02/04 19:48:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/02/04 19:48:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/02/04 19:48:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/02/03 18:16:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012/02/03 18:16:45 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012/02/02 19:17:49 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/02 06:43:32 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\bdm\Local Settings\Application Data\FASTWiz.html

[2012/02/02 01:23:03 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\bdm\Local Settings\Application Data\FASTApp.html

[2012/01/27 13:14:32 | 000,002,354 | ---- | C] () -- C:\Documents and Settings\bdm\Application Data\SAS7_000.DAT

[2012/01/16 08:27:09 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk

[2012/01/16 08:09:27 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Internet Access.lnk

[2012/01/13 09:53:37 | 000,049,588 | ---- | C] () -- C:\Documents and Settings\bdm\Desktop\2059f18606899f5343bde7096b62e57e.jpg

[2012/01/13 08:33:30 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomTown Internet Security.lnk

[2012/01/07 16:34:35 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet 3150 Status.lnk

[2012/01/06 11:50:41 | 000,000,364 | ---- | C] () -- C:\WINDOWS\tasks\FinalTorrent Update Checker.job

[2012/01/06 11:48:00 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\bdm\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalTorrent.lnk

[2012/01/06 11:48:00 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\bdm\Desktop\FinalTorrent.lnk

[2012/01/05 18:33:05 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2012/01/05 18:33:05 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2012/01/05 18:33:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2012/01/05 18:31:47 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2012/01/05 14:58:20 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\bdm\Local Settings\Application Data\keyfile3.drm

[2011/12/29 11:10:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Home

[2011/12/29 11:10:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\bdm\Application Data\Halftone

[2011/12/29 11:10:15 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\InkjetPrinter

[2011/12/29 11:07:58 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\HomePageService

[2011/12/29 11:07:58 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Instrument Library

[2011/12/29 11:07:57 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hip Hop

[2011/12/29 11:07:57 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Images

[2011/12/29 11:06:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Guitars

[2011/12/29 11:06:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Framework

[2011/10/22 13:42:45 | 000,713,208 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/09/15 15:12:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI

[2011/09/15 14:03:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT

[2011/09/15 14:03:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT

[2011/09/15 14:03:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\bdm\Application Data\HAL

[2011/09/15 14:03:41 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT

[2011/03/15 12:55:59 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll

[2011/03/15 12:55:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll

[2011/03/04 10:09:13 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll

[2011/03/04 10:09:12 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe

[2011/03/04 10:09:09 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe

[2010/09/21 09:50:36 | 000,042,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys

[2009/09/14 09:35:00 | 000,053,940 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2009/02/23 09:41:11 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini

[2009/01/21 23:25:12 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2008/10/25 10:28:36 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin

[2008/10/22 08:01:02 | 000,038,477 | ---- | C] () -- C:\Documents and Settings\bdm\Application Data\Comma Separated Values (DOS).ADR

[2008/10/22 07:53:31 | 000,038,478 | ---- | C] () -- C:\Documents and Settings\bdm\Application Data\Comma Separated Values (Windows).ADR

[2008/09/02 08:34:26 | 000,509,208 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll

[2007/08/03 15:23:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\readiris.ini

[2007/08/03 15:21:28 | 000,010,785 | ---- | C] () -- C:\WINDOWS\JETSUITE.INI

[2007/05/28 13:36:34 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\bdm\Local Settings\Application Data\fusioncache.dat

[2006/10/22 18:40:52 | 000,184,620 | ---- | C] () -- C:\Documents and Settings\bdm\Local Settings\Application Data\rx_image.Cache

[2006/10/20 18:23:17 | 000,001,604 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/10/20 17:46:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2006/10/15 08:27:14 | 000,001,592 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2006/10/14 16:40:40 | 000,000,324 | ---- | C] () -- C:\WINDOWS\lgfwup.ini

[2006/10/14 16:33:28 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

[2006/10/14 15:06:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2006/10/14 14:17:16 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\bdm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/10/14 13:58:57 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT

[2006/08/24 07:44:00 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html

[2006/08/15 14:54:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/08/07 18:51:26 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini

[2006/08/07 18:46:31 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini

[2006/08/07 18:45:35 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

[2006/07/03 23:28:18 | 000,112,911 | ---- | C] () -- C:\WINDOWS\hpoins07.dat

[2006/07/03 23:28:18 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat

[2006/07/01 17:19:37 | 000,001,924 | ---- | C] () -- C:\Documents and Settings\bdm\Application Data\.googlewebacchosts

[2006/06/08 12:02:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini

[2006/06/08 09:51:40 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2006/06/08 09:51:40 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2006/06/08 09:51:38 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2006/06/03 14:23:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/06/03 14:09:32 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll

[2006/06/03 14:01:54 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini

[2006/06/03 14:01:48 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2006/06/03 14:01:48 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2006/06/02 22:09:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2006/06/02 22:03:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2006/06/02 17:36:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/06/02 17:35:28 | 000,277,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2006/02/06 15:20:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\sw24.exe

[2006/02/06 15:19:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\sw20.exe

[2005/12/19 10:56:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2005/12/19 10:56:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2005/12/19 10:56:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2005/12/19 10:56:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2005/12/19 10:56:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2005/12/19 10:56:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2005/12/19 10:56:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2005/12/19 10:56:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2005/12/19 10:56:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2005/12/19 10:56:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2005/07/15 13:36:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe

[2005/07/15 13:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2005/07/15 13:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2005/07/15 13:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2005/02/03 00:30:22 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\sysinfo.sys

[2004/09/11 18:36:40 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys

[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 07:00:00 | 000,494,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 07:00:00 | 000,089,220 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[2001/03/30 22:58:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll

========== LOP Check ==========

[2011/02/08 08:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backblaze

[2011/09/15 14:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2010/09/21 09:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure

[2012/01/13 08:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg

[2012/01/16 08:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2008/11/06 21:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys

[2008/10/16 18:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon

[2011/09/15 21:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2008/10/17 08:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF

[2012/01/03 09:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia

[2012/01/03 09:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache

[2012/01/26 19:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance

[2012/01/03 10:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2010/12/07 08:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion

[2011/09/15 14:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2009/02/23 10:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2011/12/29 12:27:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D0D0BE61-F9F3-4330-BF43-3FC63530C4E6}

[2008/10/29 06:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\Blackberry Desktop

[2012/01/05 16:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\Device Doctor

[2010/09/24 02:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\F-Secure

[2012/01/26 16:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\FinalTorrent

[2007/04/20 16:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\Image Zone Express

[2006/10/14 16:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\InterTrust

[2008/09/26 06:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\Leadertech

[2008/10/16 18:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\Memeo

[2011/09/15 14:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\Nikon

[2008/10/17 08:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\Nitro PDF

[2012/01/16 08:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\Nokia

[2012/01/03 10:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\Nokia Suite

[2012/01/26 19:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\Nuance

[2008/10/17 07:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\OfficeUpdate12

[2012/01/03 10:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\PC Suite

[2006/09/13 15:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\Registry Booster

[2010/12/20 13:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\Research In Motion

[2007/06/27 18:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\School Zone Preferences

[2008/10/15 17:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\Tanagra

[2011/12/12 13:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\uTorrent

[2012/01/05 19:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bdm\Application Data\WinBatch

[2012/02/05 10:39:03 | 000,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\FinalTorrent Update Checker.job

[2012/02/05 00:16:53 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job

[2012/02/05 11:04:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8F4D6CD7-BB5D-4ED4-BC00-D805472D1C7B}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >

[2011/02/08 08:53:07 | 000,000,000 | ---D | M] -- C:\.bzvol

[2007/03/24 17:33:10 | 000,000,000 | ---D | M] -- C:\.file_store_32

[2008/01/27 16:26:25 | 000,000,000 | ---D | M] -- C:\.jagex_cache_32

[2007/05/30 16:39:16 | 000,000,000 | ---D | M] -- C:\.jagex_cache_34

[2006/11/15 03:01:58 | 000,000,000 | ---D | M] -- C:\5b7631ceb803dd2914d17d2a

[2007/08/08 11:22:24 | 000,000,000 | ---D | M] -- C:\CAVEDOG

[2012/02/03 18:16:51 | 000,000,000 | RHSD | M] -- C:\cmdcons

[2012/02/04 20:03:26 | 000,000,000 | ---D | M] -- C:\ComboFix

[2012/02/04 13:25:04 | 000,000,000 | ---D | M] -- C:\Config.Msi

[2010/04/18 10:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings

[2011/11/08 06:11:53 | 000,000,000 | ---D | M] -- C:\found.000

[2008/06/18 13:49:16 | 000,000,000 | ---D | M] -- C:\hegames

[2006/06/08 09:52:01 | 000,000,000 | ---D | M] -- C:\Inetpub

[2009/09/20 16:16:01 | 000,000,000 | ---D | M] -- C:\jetsuite

[2012/01/06 19:34:26 | 000,000,000 | ---D | M] -- C:\lj628

[2006/06/03 14:20:11 | 000,000,000 | R--D | M] -- C:\MSOCache

[2008/12/26 08:17:11 | 000,000,000 | ---D | M] -- C:\My Downloads

[2011/12/16 11:56:52 | 000,000,000 | ---D | M] -- C:\MyWorks

[2012/01/05 18:30:29 | 000,000,000 | ---D | M] -- C:\NVIDIA

[2011/03/04 10:14:32 | 000,000,000 | ---D | M] -- C:\Output Files

[2012/02/05 00:14:11 | 000,000,000 | R--D | M] -- C:\Program Files

[2012/02/04 20:03:25 | 000,000,000 | ---D | M] -- C:\Qoobox

[2012/02/05 10:26:38 | 000,000,000 | -HSD | M] -- C:\RECYCLER

[2009/09/04 10:51:41 | 000,000,000 | ---D | M] -- C:\spoolerlogs

[2012/02/03 12:37:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2006/10/20 17:41:34 | 000,000,000 | ---D | M] -- C:\temp

[2012/01/31 03:16:38 | 000,000,000 | ---D | M] -- C:\USMT2.UNC

[2012/02/05 00:15:22 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >

[2004/10/01 14:00:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Uninstall_CDS.exe

Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< MD5 for: EXPLORER.EXE >

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: REGEDIT.EXE >

[2008/04/13 19:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ERDNT\cache\regedit.exe

[2008/04/13 19:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe

[2008/04/13 19:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe

[2004/08/04 07:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe

< MD5 for: USERINIT.EXE >

[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe

[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011/11/23 08:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-18 08:01:44

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\bdm\My Documents\Updater5:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\bdm\My Documents\summer blast off.dmsd:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\bdm\My Documents\My Scans:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\bdm\My Documents\Margaret:Roxio EMC Stream

< End of report >


I see you ran ComboFix without being instructed to. I would like to quote a section of the ComboFix tutorial located here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

I see you are using peer-to-peer software, in your case FinalTorrent 2011.

Referring to this sticky topic, I want you to uninstall this kind of software.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC_update.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

cfRC_screen_2.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

Please post in your next reply

Combofix.txt


1) removed Final Torrent

2) ran combofix here is log

ComboFix 12-02-05.02 - bdm 02/05/2012 17:42:15.3.1 - x86

Running from: c:\documents and settings\bdm\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))

.

.

2012-02-03 00:17 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-02 22:41 . 2012-02-02 22:41 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-01 15:15 . 2012-02-01 17:35 -------- d-----w- c:\windows\tmp

2012-01-31 08:16 . 2012-01-31 08:16 -------- d-----w- C:\USMT2.UNC

2012-01-27 00:13 . 2012-01-27 00:13 -------- d-----w- c:\documents and settings\bdm\Application Data\Nuance

2012-01-27 00:12 . 2012-01-27 00:12 -------- d-----w- c:\documents and settings\bdm\Application Data\FLEXnet

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\program files\Nuance

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\documents and settings\bdm\Application Data\Skype

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\program files\Skype

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2012-01-16 13:27 . 2012-01-16 13:27 -------- d-----w- c:\program files\Common Files\PCSuite

2012-01-16 13:26 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2012-01-16 13:26 . 2012-01-16 13:26 -------- d-----w- c:\program files\PC Connectivity Solution

2012-01-16 13:25 . 2011-11-01 15:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2012-01-16 13:25 . 2011-11-01 15:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2012-01-16 13:25 . 2011-11-01 15:07 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2012-01-16 13:25 . 2011-11-01 15:07 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2012-01-16 13:08 . 2012-01-16 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

2012-01-07 20:23 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll

2012-01-07 00:30 . 2012-01-07 00:34 -------- d-----w- C:\lj628

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-13 13:42 . 2010-09-21 14:50 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-01-13 13:29 . 2010-09-21 14:50 80080 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2012-01-06 00:13 . 2005-05-06 22:14 48128 ----a-w- c:\windows\system32\drivers\SiSRaid.sys

2012-01-06 00:13 . 2001-03-31 03:58 135168 ----a-w- c:\windows\system32\property.dll

2012-01-06 00:02 . 2006-06-03 19:04 32768 ----a-w- c:\windows\system32\drivers\sisnicxp.sys

2012-01-05 22:45 . 2006-07-12 18:19 1740800 ----a-w- c:\windows\system32\nvwssr.dll

2012-01-05 22:45 . 2006-07-12 18:19 1257472 ----a-w- c:\windows\system32\nvwss.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvwrspt.dll

2012-01-05 22:45 . 2005-12-19 15:56 319488 ----a-w- c:\windows\system32\nvwrsptb.dll

2012-01-05 22:45 . 2005-12-19 15:56 315392 ----a-w- c:\windows\system32\nvwrsru.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrstr.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrssl.dll

2012-01-05 22:45 . 2005-12-19 15:56 299008 ----a-w- c:\windows\system32\nvwrssk.dll

2012-01-05 22:45 . 2005-12-19 15:56 299008 ----a-w- c:\windows\system32\nvwrsno.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrssv.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrspl.dll

2012-01-05 22:45 . 2005-12-19 15:56 167936 ----a-w- c:\windows\system32\nvwrszht.dll

2012-01-05 22:45 . 2005-12-19 15:56 163840 ----a-w- c:\windows\system32\nvwrszhc.dll

2012-01-05 22:45 . 2005-12-19 15:56 1519616 ----a-w- c:\windows\system32\nwiz.exe

2012-01-05 22:45 . 2005-12-19 15:56 335872 ----a-w- c:\windows\system32\nvwrses.dll

2012-01-05 22:45 . 2005-12-19 15:56 335872 ----a-w- c:\windows\system32\nvwrsel.dll

2012-01-05 22:45 . 2005-12-19 15:56 327680 ----a-w- c:\windows\system32\nvwrsfr.dll

2012-01-05 22:45 . 2005-12-19 15:56 327680 ----a-w- c:\windows\system32\nvwrsesm.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvwrsit.dll

2012-01-05 22:45 . 2005-12-19 15:56 319488 ----a-w- c:\windows\system32\nvwrsnl.dll

2012-01-05 22:45 . 2005-12-19 15:56 315392 ----a-w- c:\windows\system32\nvwrshu.dll

2012-01-05 22:45 . 2005-12-19 15:56 311296 ----a-w- c:\windows\system32\nvwrsde.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrsfi.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrsda.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvwrseng.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvwrscs.dll

2012-01-05 22:45 . 2005-12-19 15:56 282624 ----a-w- c:\windows\system32\nvwrsar.dll

2012-01-05 22:45 . 2005-12-19 15:56 278528 ----a-w- c:\windows\system32\nvwrshe.dll

2012-01-05 22:45 . 2005-12-19 15:56 212992 ----a-w- c:\windows\system32\nvwrsja.dll

2012-01-05 22:45 . 2005-12-19 15:56 196608 ----a-w- c:\windows\system32\nvwrsko.dll

2012-01-05 22:45 . 2005-12-19 15:56 1662976 ----a-w- c:\windows\system32\nvwdmcpl.dll

2012-01-05 22:45 . 2005-12-19 15:56 1019904 ----a-w- c:\windows\system32\nvwimg.dll

2012-01-05 22:45 . 2006-07-12 18:19 2977792 ----a-w- c:\windows\system32\nvvitvsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 2932736 ----a-w- c:\windows\system32\nvvitvs.dll

2012-01-05 22:45 . 2005-12-19 15:56 73728 ----a-w- c:\windows\system32\nvtuicpl.cpl

2012-01-05 22:45 . 2005-12-19 15:56 466944 ----a-w- c:\windows\system32\nvshell.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvrshe.dll

2012-01-05 22:45 . 2005-12-19 15:56 278528 ----a-w- c:\windows\system32\nvrsfr.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrsit.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrses.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrsel.dll

2012-01-05 22:45 . 2005-12-19 15:56 270336 ----a-w- c:\windows\system32\nvrsde.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrspt.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrsnl.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrsesm.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsru.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsptb.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsja.dll

2012-01-05 22:45 . 2005-12-19 15:56 258048 ----a-w- c:\windows\system32\nvrsko.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrstr.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrssl.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrssk.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrspl.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrsno.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrshu.dll

2012-01-05 22:45 . 2005-12-19 15:56 245760 ----a-w- c:\windows\system32\nvrssv.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrsfi.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrseng.dll

2012-01-05 22:45 . 2005-12-19 15:56 221184 ----a-w- c:\windows\system32\nvrszhc.dll

2012-01-05 22:45 . 2005-12-19 15:56 122880 ----a-w- c:\windows\system32\nvrszht.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvrsar.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvnt4cpl.dll

2012-01-05 22:45 . 2005-12-19 15:56 245760 ----a-w- c:\windows\system32\nvrsda.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrscs.dll

2012-01-05 22:45 . 2006-07-12 18:19 888832 ----a-w- c:\windows\system32\nvmobls.dll

2012-01-05 22:45 . 2006-07-12 18:19 2859008 ----a-w- c:\windows\system32\nvmoblsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 462848 ----a-w- c:\windows\system32\nvmccssr.dll

2012-01-05 22:45 . 2006-07-12 18:19 188416 ----a-w- c:\windows\system32\nvmccss.dll

2012-01-05 22:45 . 2005-12-19 15:56 45056 ----a-w- c:\windows\system32\nvmccsrs.dll

2012-01-05 22:45 . 2005-12-19 15:56 229376 ----a-w- c:\windows\system32\nvmccs.dll

2012-01-05 22:45 . 2005-12-19 15:56 1466368 ----a-w- c:\windows\system32\nview.dll

2012-01-05 22:45 . 2006-07-12 18:19 311296 ----a-w- c:\windows\system32\nvexpbar.dll

2012-01-05 22:45 . 2006-07-12 18:19 3035136 ----a-w- c:\windows\system32\nvgames.dll

2012-01-05 22:45 . 2006-07-12 18:19 2887680 ----a-w- c:\windows\system32\nvgamesr.dll

2012-01-05 22:45 . 2005-12-19 15:56 581632 ----a-w- c:\windows\system32\nvhwvid.dll

2012-01-05 22:45 . 2005-12-19 15:56 1339392 ----a-w- c:\windows\system32\nvdspsch.exe

2012-01-05 22:45 . 2006-07-12 18:19 5246976 ----a-w- c:\windows\system32\nvdispsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 5656576 ----a-w- c:\windows\system32\nvdisps.dll

2012-01-05 22:45 . 2006-07-12 18:19 794624 ----a-w- c:\windows\system32\nvcplui.exe

2012-01-05 22:45 . 2006-07-12 18:19 1011712 ----a-w- c:\windows\system32\nvcpluir.dll

2012-01-05 22:45 . 2006-07-12 18:19 69632 ----a-w- c:\windows\system32\nvcpl.cpl

2012-01-05 22:45 . 2005-12-19 15:56 442368 ----a-w- c:\windows\system32\nvappbar.exe

2012-01-05 22:45 . 2005-12-19 15:56 35840 ----a-w- c:\windows\system32\nvcodins.dll

2012-01-05 22:45 . 2005-12-19 15:56 35840 ----a-w- c:\windows\system32\nvcod.dll

2012-01-05 22:45 . 2005-12-19 15:56 425984 ----a-w- c:\windows\system32\keystone.exe

2011-12-29 16:11 . 2011-09-15 19:05 57344 ----a-r- c:\documents and settings\bdm\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2011-12-29 16:06 . 2003-03-19 01:05 106496 ----a-w- c:\windows\system32\ATL71.DLL

2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2004-08-04 12:00 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21 . 2004-08-04 12:00 152064 ----a-w- c:\windows\system32\schannel.dll

2004-10-01 19:00 . 2006-10-14 21:33 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-05_01.01.13 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-02-05 22:35 . 2012-02-05 22:35 16384 c:\windows\temp\Perflib_Perfdata_690.dat

+ 2012-01-25 15:16 . 2012-02-05 22:35 212099 c:\windows\system32\inetsrv\MetaBase.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2010-11-08 21:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2010-11-08 21:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2012-01-17 495400]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F-Secure Manager"="c:\program files\Ztinternetsecurity\Common\FSM32.EXE" [2012-01-13 199344]

"F-Secure TNB"="c:\program files\Ztinternetsecurity\FSGUI\TNBUtil.exe" [2012-01-13 1655464]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2012-01-17 495400]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP LaserJet 3150 Status.lnk - c:\jetsuite\JETSTAT.EXE [2007-8-3 147456]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^bdm^Start Menu^Programs^Startup^Memeo Launcher.lnk]

path=c:\documents and settings\bdm\Start Menu\Programs\Startup\Memeo Launcher.lnk

backup=c:\windows\pss\Memeo Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Doctor]

2011-10-11 19:58 46424 ----a-w- c:\program files\Device Doctor\DDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]

2010-05-25 23:16 619008 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]

2008-09-02 13:34 210224 ----a-w- c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]

2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"NVSvc"=2 (0x2)

"nmservice"=2 (0x2)

"mozybackup"=2 (0x2)

"MDM"=2 (0x2)

"LinksysUpdater"=2 (0x2)

"LightScribeService"=2 (0x2)

"Delete Duplicate Files Scan on Schedule Service"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"stllssvr"=3 (0x3)

"ServiceLayer"=3 (0x3)

"RoxLiveShare9"=2 (0x2)

"Roxio Upnp Server 9"=2 (0x2)

"Roxio UPnP Renderer 9"=3 (0x3)

"Pml Driver HPZ12"=2 (0x2)

"wlidsvc"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Documents and Settings\\bdm\\My Documents\\Downloads\\SweetIMSetup.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

"67:UDP"= 67:UDP:DHCP Discovery Service

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R2 gupdate1ca1e7c83b7e348;Google Update Service (gupdate1ca1e7c83b7e348);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Ztinternetsecurity\ORSP Client\fsorsp.exe [2011-05-23 61088]

R3 FXDRV;FXDRV;D:\Fxdrv.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]

R4 Delete Duplicate Files Scan on Schedule Service;Delete Duplicate Files Scan on Schedule Service;c:\program files\Delete Duplicate Files\DDFS.exe [2008-07-02 208896]

R4 jsdbg;jsdbg;c:\windows\system32\drivers\jsdbg.sys [1999-09-22 50352]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-01-13 42672]

S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2012-01-13 80080]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Ztinternetsecurity\HIPS\drivers\fshs.sys [2012-01-13 68144]

S1 jsmux;jsmux;c:\windows\system32\drivers\jsmux.sys [1999-09-22 173880]

S1 jsscan;jsscan;c:\windows\system32\drivers\jsscan.sys [1999-09-22 56672]

S2 bzserv;Backblaze Service;c:\program files\Backblaze\bzserv.exe [2012-01-17 211240]

S2 Iprip;RIP Listener;c:\windows\System32\svchost.exe [2008-04-14 14336]

S2 jsfax;jsfax;c:\windows\system32\drivers\jsfax.sys [1999-09-22 59604]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Ztinternetsecurity\Anti-Virus\minifilter\fsgk.sys [2012-01-13 148632]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-05 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 18:31]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 14:18]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 14:18]

.

2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1003Core.job

- c:\documents and settings\bdm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 08:45]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1003UA.job

- c:\documents and settings\bdm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 08:45]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1010Core.job

- c:\documents and settings\Augie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:50]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1010UA.job

- c:\documents and settings\Augie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:50]

.

2012-02-05 c:\windows\Tasks\Scheduled scanning task.job

- c:\progra~1\ZTINTE~1\ANTI-V~1\fsav.exe [2010-09-21 13:29]

.

2012-02-05 c:\windows\Tasks\User_Feed_Synchronization-{8F4D6CD7-BB5D-4ED4-BC00-D805472D1C7B}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://cincymls.net/

mStart Page = hxxp://home.sweetim.com/?crg=4.0003002

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

LSP: c:\program files\Ztinternetsecurity\FSPS\program\FSLSP.DLL

TCP: DhcpNameServer = 192.168.200.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-05 17:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-682003330-1078145449-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-682003330-1078145449-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:db,54,32,98,2d,0c,33,09,b8,d3,a6,ee,b5,6b,d9,54,8f,f9,25,ab,60,5a,bf,

41,5c,21,d0,9b,52,2b,c0,f3,1d,b8,e1,79,5e,e0,c8,f3,95,e6,17,3f,01,a4,5f,ee,\

"??"=hex:f6,68,ce,1a,a9,d5,36,16,60,f2,58,85,cc,bf,01,97

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(400)

c:\program files\ztinternetsecurity\hips\fshook32.dll

.

- - - - - - - > 'lsass.exe'(456)

c:\program files\Ztinternetsecurity\FSPS\program\FSLSP.DLL

c:\program files\ztinternetsecurity\hips\fshook32.dll

.

- - - - - - - > 'explorer.exe'(3048)

c:\windows\system32\WININET.dll

c:\program files\MozyHome\mozyshell.dll

c:\windows\system32\LIBEAY32.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\program files\Ztinternetsecurity\FSPS\program\FSLSP.DLL

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\ztinternetsecurity\scanner-interface\fsgkiapi.dll

.

Completion time: 2012-02-05 17:55:54

ComboFix-quarantined-files.txt 2012-02-05 22:55

ComboFix2.txt 2012-02-05 01:03

ComboFix3.txt 2012-02-03 23:46

.

Pre-Run: 36,211,204,096 bytes free

Post-Run: 36,217,020,416 bytes free

.

- - End Of File - - CC5B12A3E8E32A24C3D0E7140773F170


Please press the Windows key + R and type notepad into the Run box.

Copy/paste the entire contents of the codebox below, into notepad:

@echo off
rem Write the output of both commands to look.txt
>look.txt (
net start winmgmt
sc qc winmgmt
)
rem Show the result, then delete this batch file
notepad look.txt
del %0

  • Now on the top of the window choose File --> Save as
  • Into the Save as line type in wmi.bat
  • Change the Save as type to All Files (*.*)
  • Save it on your Desktop.
    It should look like this bat.jpg
  • Run the wmi.bat

A notepad window will appear, please post its content here.


Here you go:

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: winmgmt

TYPE : 20 WIN32_SHARE_PROCESS

START_TYPE : 2 AUTO_START

ERROR_CONTROL : 0 IGNORE

BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs

LOAD_ORDER_GROUP :

TAG : 0

DISPLAY_NAME : Windows Management Instrumentation

DEPENDENCIES : RPCSS

SERVICE_START_NAME : LocalSystem


Hi,

Service settings appear OK.

Please press the Windows key + R and type notepad into the Run box.

Copy/paste the entire contents of the codebox below, into notepad:

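@echo off
rem Start from a clean look.txt
if exist look.txt del look.txt
rem Record the service state, then the result of a start attempt (errors included)
sc query winmgmt > look.txt 2>&1
net start winmgmt >> look.txt 2>&1
notepad look.txt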

  • Now on the top of the window choose File --> Save as
  • Into the Save as line type in start.bat
  • Change the Save as type to All Files (*.*)
  • Save it on your Desktop.
    It should look like this bat.jpg
  • Run the start.bat

A notepad window will appear, please post this in your next reply.


SERVICE_NAME: winmgmt

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


Here you go..

ComboFix 12-02-05.02 - bdm 02/06/2012 18:16:54.4.1 - x86

Running from: c:\documents and settings\bdm\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))

.

.

2012-02-03 00:17 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-02 22:41 . 2012-02-02 22:41 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-01 15:15 . 2012-02-01 17:35 -------- d-----w- c:\windows\tmp

2012-01-31 08:16 . 2012-01-31 08:16 -------- d-----w- C:\USMT2.UNC

2012-01-27 00:13 . 2012-01-27 00:13 -------- d-----w- c:\documents and settings\bdm\Application Data\Nuance

2012-01-27 00:12 . 2012-01-27 00:12 -------- d-----w- c:\documents and settings\bdm\Application Data\FLEXnet

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\program files\Nuance

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\documents and settings\bdm\Application Data\Skype

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\program files\Skype

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2012-01-16 13:27 . 2012-01-16 13:27 -------- d-----w- c:\program files\Common Files\PCSuite

2012-01-16 13:26 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2012-01-16 13:26 . 2012-01-16 13:26 -------- d-----w- c:\program files\PC Connectivity Solution

2012-01-16 13:25 . 2011-11-01 15:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2012-01-16 13:25 . 2011-11-01 15:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2012-01-16 13:25 . 2011-11-01 15:07 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2012-01-16 13:25 . 2011-11-01 15:07 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2012-01-16 13:08 . 2012-01-16 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-13 13:42 . 2010-09-21 14:50 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-01-13 13:29 . 2010-09-21 14:50 80080 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2012-01-06 00:13 . 2005-05-06 22:14 48128 ----a-w- c:\windows\system32\drivers\SiSRaid.sys

2012-01-06 00:13 . 2001-03-31 03:58 135168 ----a-w- c:\windows\system32\property.dll

2012-01-06 00:02 . 2006-06-03 19:04 32768 ----a-w- c:\windows\system32\drivers\sisnicxp.sys

2012-01-05 22:45 . 2006-07-12 18:19 1740800 ----a-w- c:\windows\system32\nvwssr.dll

2012-01-05 22:45 . 2006-07-12 18:19 1257472 ----a-w- c:\windows\system32\nvwss.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvwrspt.dll

2012-01-05 22:45 . 2005-12-19 15:56 319488 ----a-w- c:\windows\system32\nvwrsptb.dll

2012-01-05 22:45 . 2005-12-19 15:56 315392 ----a-w- c:\windows\system32\nvwrsru.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrstr.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrssl.dll

2012-01-05 22:45 . 2005-12-19 15:56 299008 ----a-w- c:\windows\system32\nvwrssk.dll

2012-01-05 22:45 . 2005-12-19 15:56 299008 ----a-w- c:\windows\system32\nvwrsno.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrssv.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrspl.dll

2012-01-05 22:45 . 2005-12-19 15:56 167936 ----a-w- c:\windows\system32\nvwrszht.dll

2012-01-05 22:45 . 2005-12-19 15:56 163840 ----a-w- c:\windows\system32\nvwrszhc.dll

2012-01-05 22:45 . 2005-12-19 15:56 1519616 ----a-w- c:\windows\system32\nwiz.exe

2012-01-05 22:45 . 2005-12-19 15:56 335872 ----a-w- c:\windows\system32\nvwrses.dll

2012-01-05 22:45 . 2005-12-19 15:56 335872 ----a-w- c:\windows\system32\nvwrsel.dll

2012-01-05 22:45 . 2005-12-19 15:56 327680 ----a-w- c:\windows\system32\nvwrsfr.dll

2012-01-05 22:45 . 2005-12-19 15:56 327680 ----a-w- c:\windows\system32\nvwrsesm.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvwrsit.dll

2012-01-05 22:45 . 2005-12-19 15:56 319488 ----a-w- c:\windows\system32\nvwrsnl.dll

2012-01-05 22:45 . 2005-12-19 15:56 315392 ----a-w- c:\windows\system32\nvwrshu.dll

2012-01-05 22:45 . 2005-12-19 15:56 311296 ----a-w- c:\windows\system32\nvwrsde.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrsfi.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrsda.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvwrseng.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvwrscs.dll

2012-01-05 22:45 . 2005-12-19 15:56 282624 ----a-w- c:\windows\system32\nvwrsar.dll

2012-01-05 22:45 . 2005-12-19 15:56 278528 ----a-w- c:\windows\system32\nvwrshe.dll

2012-01-05 22:45 . 2005-12-19 15:56 212992 ----a-w- c:\windows\system32\nvwrsja.dll

2012-01-05 22:45 . 2005-12-19 15:56 196608 ----a-w- c:\windows\system32\nvwrsko.dll

2012-01-05 22:45 . 2005-12-19 15:56 1662976 ----a-w- c:\windows\system32\nvwdmcpl.dll

2012-01-05 22:45 . 2005-12-19 15:56 1019904 ----a-w- c:\windows\system32\nvwimg.dll

2012-01-05 22:45 . 2006-07-12 18:19 2977792 ----a-w- c:\windows\system32\nvvitvsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 2932736 ----a-w- c:\windows\system32\nvvitvs.dll

2012-01-05 22:45 . 2005-12-19 15:56 73728 ----a-w- c:\windows\system32\nvtuicpl.cpl

2012-01-05 22:45 . 2005-12-19 15:56 466944 ----a-w- c:\windows\system32\nvshell.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvrshe.dll

2012-01-05 22:45 . 2005-12-19 15:56 278528 ----a-w- c:\windows\system32\nvrsfr.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrsit.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrses.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrsel.dll

2012-01-05 22:45 . 2005-12-19 15:56 270336 ----a-w- c:\windows\system32\nvrsde.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrspt.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrsnl.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrsesm.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsru.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsptb.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsja.dll

2012-01-05 22:45 . 2005-12-19 15:56 258048 ----a-w- c:\windows\system32\nvrsko.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrstr.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrssl.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrssk.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrspl.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrsno.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrshu.dll

2012-01-05 22:45 . 2005-12-19 15:56 245760 ----a-w- c:\windows\system32\nvrssv.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrsfi.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrseng.dll

2012-01-05 22:45 . 2005-12-19 15:56 221184 ----a-w- c:\windows\system32\nvrszhc.dll

2012-01-05 22:45 . 2005-12-19 15:56 122880 ----a-w- c:\windows\system32\nvrszht.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvrsar.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvnt4cpl.dll

2012-01-05 22:45 . 2005-12-19 15:56 245760 ----a-w- c:\windows\system32\nvrsda.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrscs.dll

2012-01-05 22:45 . 2006-07-12 18:19 888832 ----a-w- c:\windows\system32\nvmobls.dll

2012-01-05 22:45 . 2006-07-12 18:19 2859008 ----a-w- c:\windows\system32\nvmoblsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 462848 ----a-w- c:\windows\system32\nvmccssr.dll

2012-01-05 22:45 . 2006-07-12 18:19 188416 ----a-w- c:\windows\system32\nvmccss.dll

2012-01-05 22:45 . 2005-12-19 15:56 45056 ----a-w- c:\windows\system32\nvmccsrs.dll

2012-01-05 22:45 . 2005-12-19 15:56 229376 ----a-w- c:\windows\system32\nvmccs.dll

2012-01-05 22:45 . 2005-12-19 15:56 1466368 ----a-w- c:\windows\system32\nview.dll

2012-01-05 22:45 . 2006-07-12 18:19 311296 ----a-w- c:\windows\system32\nvexpbar.dll

2012-01-05 22:45 . 2006-07-12 18:19 3035136 ----a-w- c:\windows\system32\nvgames.dll

2012-01-05 22:45 . 2006-07-12 18:19 2887680 ----a-w- c:\windows\system32\nvgamesr.dll

2012-01-05 22:45 . 2005-12-19 15:56 581632 ----a-w- c:\windows\system32\nvhwvid.dll

2012-01-05 22:45 . 2005-12-19 15:56 1339392 ----a-w- c:\windows\system32\nvdspsch.exe

2012-01-05 22:45 . 2006-07-12 18:19 5246976 ----a-w- c:\windows\system32\nvdispsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 5656576 ----a-w- c:\windows\system32\nvdisps.dll

2012-01-05 22:45 . 2006-07-12 18:19 794624 ----a-w- c:\windows\system32\nvcplui.exe

2012-01-05 22:45 . 2006-07-12 18:19 1011712 ----a-w- c:\windows\system32\nvcpluir.dll

2012-01-05 22:45 . 2006-07-12 18:19 69632 ----a-w- c:\windows\system32\nvcpl.cpl

2012-01-05 22:45 . 2005-12-19 15:56 442368 ----a-w- c:\windows\system32\nvappbar.exe

2012-01-05 22:45 . 2005-12-19 15:56 35840 ----a-w- c:\windows\system32\nvcodins.dll

2012-01-05 22:45 . 2005-12-19 15:56 35840 ----a-w- c:\windows\system32\nvcod.dll

2012-01-05 22:45 . 2005-12-19 15:56 425984 ----a-w- c:\windows\system32\keystone.exe

2011-12-29 16:11 . 2011-09-15 19:05 57344 ----a-r- c:\documents and settings\bdm\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2011-12-29 16:06 . 2003-03-19 01:05 106496 ----a-w- c:\windows\system32\ATL71.DLL

2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2004-08-04 12:00 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21 . 2004-08-04 12:00 152064 ----a-w- c:\windows\system32\schannel.dll

2004-10-01 19:00 . 2006-10-14 21:33 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-05_01.01.13 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-02-06 13:19 . 2012-02-06 13:19 16384 c:\windows\temp\Perflib_Perfdata_530.dat

+ 2012-01-25 15:16 . 2012-02-06 14:37 212101 c:\windows\system32\inetsrv\MetaBase.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2010-11-08 21:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2010-11-08 21:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2012-01-17 495400]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F-Secure Manager"="c:\program files\Ztinternetsecurity\Common\FSM32.EXE" [2012-01-13 199344]

"F-Secure TNB"="c:\program files\Ztinternetsecurity\FSGUI\TNBUtil.exe" [2012-01-13 1655464]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2012-01-17 495400]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP LaserJet 3150 Status.lnk - c:\jetsuite\JETSTAT.EXE [2007-8-3 147456]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^bdm^Start Menu^Programs^Startup^Memeo Launcher.lnk]

path=c:\documents and settings\bdm\Start Menu\Programs\Startup\Memeo Launcher.lnk

backup=c:\windows\pss\Memeo Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Doctor]

2011-10-11 19:58 46424 ----a-w- c:\program files\Device Doctor\DDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]

2010-05-25 23:16 619008 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]

2008-09-02 13:34 210224 ----a-w- c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]

2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"NVSvc"=2 (0x2)

"nmservice"=2 (0x2)

"mozybackup"=2 (0x2)

"MDM"=2 (0x2)

"LinksysUpdater"=2 (0x2)

"LightScribeService"=2 (0x2)

"Delete Duplicate Files Scan on Schedule Service"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"stllssvr"=3 (0x3)

"ServiceLayer"=3 (0x3)

"RoxLiveShare9"=2 (0x2)

"Roxio Upnp Server 9"=2 (0x2)

"Roxio UPnP Renderer 9"=3 (0x3)

"Pml Driver HPZ12"=2 (0x2)

"wlidsvc"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Documents and Settings\\bdm\\My Documents\\Downloads\\SweetIMSetup.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

"67:UDP"= 67:UDP:DHCP Discovery Service

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R2 gupdate1ca1e7c83b7e348;Google Update Service (gupdate1ca1e7c83b7e348);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Ztinternetsecurity\ORSP Client\fsorsp.exe [2011-05-23 61088]

R3 FXDRV;FXDRV;D:\Fxdrv.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]

R4 Delete Duplicate Files Scan on Schedule Service;Delete Duplicate Files Scan on Schedule Service;c:\program files\Delete Duplicate Files\DDFS.exe [2008-07-02 208896]

R4 jsdbg;jsdbg;c:\windows\system32\drivers\jsdbg.sys [1999-09-22 50352]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-01-13 42672]

S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2012-01-13 80080]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Ztinternetsecurity\HIPS\drivers\fshs.sys [2012-01-13 68144]

S1 jsmux;jsmux;c:\windows\system32\drivers\jsmux.sys [1999-09-22 173880]

S1 jsscan;jsscan;c:\windows\system32\drivers\jsscan.sys [1999-09-22 56672]

S2 bzserv;Backblaze Service;c:\program files\Backblaze\bzserv.exe [2012-01-17 211240]

S2 Iprip;RIP Listener;c:\windows\System32\svchost.exe [2008-04-14 14336]

S2 jsfax;jsfax;c:\windows\system32\drivers\jsfax.sys [1999-09-22 59604]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Ztinternetsecurity\Anti-Virus\minifilter\fsgk.sys [2012-01-13 148632]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-06 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 18:31]

.

2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 14:18]

.

2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 14:18]

.

2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1003Core.job

- c:\documents and settings\bdm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 08:45]

.

2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1003UA.job

- c:\documents and settings\bdm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 08:45]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1010Core.job

- c:\documents and settings\Augie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:50]

.

2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1010UA.job

- c:\documents and settings\Augie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:50]

.

2012-02-06 c:\windows\Tasks\Scheduled scanning task.job

- c:\progra~1\ZTINTE~1\ANTI-V~1\fsav.exe [2010-09-21 13:29]

.

2012-02-06 c:\windows\Tasks\User_Feed_Synchronization-{8F4D6CD7-BB5D-4ED4-BC00-D805472D1C7B}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://cincymls.net/

mStart Page = hxxp://home.sweetim.com/?crg=4.0003002

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

LSP: c:\program files\Ztinternetsecurity\FSPS\program\FSLSP.DLL

TCP: DhcpNameServer = 192.168.200.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-06 18:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-682003330-1078145449-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-682003330-1078145449-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:db,54,32,98,2d,0c,33,09,b8,d3,a6,ee,b5,6b,d9,54,8f,f9,25,ab,60,5a,bf,

41,5c,21,d0,9b,52,2b,c0,f3,1d,b8,e1,79,5e,e0,c8,f3,95,e6,17,3f,01,a4,5f,ee,\

"??"=hex:f6,68,ce,1a,a9,d5,36,16,60,f2,58,85,cc,bf,01,97

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(404)

c:\program files\ztinternetsecurity\hips\fshook32.dll

.

- - - - - - - > 'lsass.exe'(460)

c:\program files\Ztinternetsecurity\FSPS\program\FSLSP.DLL

c:\program files\ztinternetsecurity\hips\fshook32.dll

.

- - - - - - - > 'explorer.exe'(1796)

c:\windows\system32\WININET.dll

c:\program files\MozyHome\mozyshell.dll

c:\windows\system32\LIBEAY32.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\program files\Ztinternetsecurity\FSPS\program\FSLSP.DLL

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\ztinternetsecurity\scanner-interface\fsgkiapi.dll

.

Completion time: 2012-02-06 18:27:47

ComboFix-quarantined-files.txt 2012-02-06 23:27

ComboFix2.txt 2012-02-05 22:55

ComboFix3.txt 2012-02-05 01:03

ComboFix4.txt 2012-02-03 23:46

.

Pre-Run: 36,202,901,504 bytes free

Post-Run: 36,188,336,128 bytes free

.

- - End Of File - - 1A0903483FF922E09D60A9F35DFBB8C6


Here you go: ComboFix2, ComboFix3, and ComboFix4

ComboFix 12-02-05.02 - bdm 02/05/2012 17:42:15.3.1 - x86

Running from: c:\documents and settings\bdm\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))

.

.

2012-02-03 00:17 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-02 22:41 . 2012-02-02 22:41 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-01 15:15 . 2012-02-01 17:35 -------- d-----w- c:\windows\tmp

2012-01-31 08:16 . 2012-01-31 08:16 -------- d-----w- C:\USMT2.UNC

2012-01-27 00:13 . 2012-01-27 00:13 -------- d-----w- c:\documents and settings\bdm\Application Data\Nuance

2012-01-27 00:12 . 2012-01-27 00:12 -------- d-----w- c:\documents and settings\bdm\Application Data\FLEXnet

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\program files\Nuance

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\documents and settings\bdm\Application Data\Skype

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\program files\Skype

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2012-01-16 13:27 . 2012-01-16 13:27 -------- d-----w- c:\program files\Common Files\PCSuite

2012-01-16 13:26 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2012-01-16 13:26 . 2012-01-16 13:26 -------- d-----w- c:\program files\PC Connectivity Solution

2012-01-16 13:25 . 2011-11-01 15:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2012-01-16 13:25 . 2011-11-01 15:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2012-01-16 13:25 . 2011-11-01 15:07 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2012-01-16 13:25 . 2011-11-01 15:07 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2012-01-16 13:08 . 2012-01-16 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

2012-01-07 20:23 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll

2012-01-07 00:30 . 2012-01-07 00:34 -------- d-----w- C:\lj628

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-13 13:42 . 2010-09-21 14:50 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-01-13 13:29 . 2010-09-21 14:50 80080 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2012-01-06 00:13 . 2005-05-06 22:14 48128 ----a-w- c:\windows\system32\drivers\SiSRaid.sys

2012-01-06 00:13 . 2001-03-31 03:58 135168 ----a-w- c:\windows\system32\property.dll

2012-01-06 00:02 . 2006-06-03 19:04 32768 ----a-w- c:\windows\system32\drivers\sisnicxp.sys

2012-01-05 22:45 . 2006-07-12 18:19 1740800 ----a-w- c:\windows\system32\nvwssr.dll

2012-01-05 22:45 . 2006-07-12 18:19 1257472 ----a-w- c:\windows\system32\nvwss.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvwrspt.dll

2012-01-05 22:45 . 2005-12-19 15:56 319488 ----a-w- c:\windows\system32\nvwrsptb.dll

2012-01-05 22:45 . 2005-12-19 15:56 315392 ----a-w- c:\windows\system32\nvwrsru.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrstr.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrssl.dll

2012-01-05 22:45 . 2005-12-19 15:56 299008 ----a-w- c:\windows\system32\nvwrssk.dll

2012-01-05 22:45 . 2005-12-19 15:56 299008 ----a-w- c:\windows\system32\nvwrsno.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrssv.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrspl.dll

2012-01-05 22:45 . 2005-12-19 15:56 167936 ----a-w- c:\windows\system32\nvwrszht.dll

2012-01-05 22:45 . 2005-12-19 15:56 163840 ----a-w- c:\windows\system32\nvwrszhc.dll

2012-01-05 22:45 . 2005-12-19 15:56 1519616 ----a-w- c:\windows\system32\nwiz.exe

2012-01-05 22:45 . 2005-12-19 15:56 335872 ----a-w- c:\windows\system32\nvwrses.dll

2012-01-05 22:45 . 2005-12-19 15:56 335872 ----a-w- c:\windows\system32\nvwrsel.dll

2012-01-05 22:45 . 2005-12-19 15:56 327680 ----a-w- c:\windows\system32\nvwrsfr.dll

2012-01-05 22:45 . 2005-12-19 15:56 327680 ----a-w- c:\windows\system32\nvwrsesm.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvwrsit.dll

2012-01-05 22:45 . 2005-12-19 15:56 319488 ----a-w- c:\windows\system32\nvwrsnl.dll

2012-01-05 22:45 . 2005-12-19 15:56 315392 ----a-w- c:\windows\system32\nvwrshu.dll

2012-01-05 22:45 . 2005-12-19 15:56 311296 ----a-w- c:\windows\system32\nvwrsde.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrsfi.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrsda.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvwrseng.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvwrscs.dll

2012-01-05 22:45 . 2005-12-19 15:56 282624 ----a-w- c:\windows\system32\nvwrsar.dll

2012-01-05 22:45 . 2005-12-19 15:56 278528 ----a-w- c:\windows\system32\nvwrshe.dll

2012-01-05 22:45 . 2005-12-19 15:56 212992 ----a-w- c:\windows\system32\nvwrsja.dll

2012-01-05 22:45 . 2005-12-19 15:56 196608 ----a-w- c:\windows\system32\nvwrsko.dll

2012-01-05 22:45 . 2005-12-19 15:56 1662976 ----a-w- c:\windows\system32\nvwdmcpl.dll

2012-01-05 22:45 . 2005-12-19 15:56 1019904 ----a-w- c:\windows\system32\nvwimg.dll

2012-01-05 22:45 . 2006-07-12 18:19 2977792 ----a-w- c:\windows\system32\nvvitvsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 2932736 ----a-w- c:\windows\system32\nvvitvs.dll

2012-01-05 22:45 . 2005-12-19 15:56 73728 ----a-w- c:\windows\system32\nvtuicpl.cpl

2012-01-05 22:45 . 2005-12-19 15:56 466944 ----a-w- c:\windows\system32\nvshell.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvrshe.dll

2012-01-05 22:45 . 2005-12-19 15:56 278528 ----a-w- c:\windows\system32\nvrsfr.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrsit.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrses.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrsel.dll

2012-01-05 22:45 . 2005-12-19 15:56 270336 ----a-w- c:\windows\system32\nvrsde.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrspt.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrsnl.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrsesm.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsru.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsptb.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsja.dll

2012-01-05 22:45 . 2005-12-19 15:56 258048 ----a-w- c:\windows\system32\nvrsko.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrstr.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrssl.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrssk.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrspl.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrsno.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrshu.dll

2012-01-05 22:45 . 2005-12-19 15:56 245760 ----a-w- c:\windows\system32\nvrssv.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrsfi.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrseng.dll

2012-01-05 22:45 . 2005-12-19 15:56 221184 ----a-w- c:\windows\system32\nvrszhc.dll

2012-01-05 22:45 . 2005-12-19 15:56 122880 ----a-w- c:\windows\system32\nvrszht.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvrsar.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvnt4cpl.dll

2012-01-05 22:45 . 2005-12-19 15:56 245760 ----a-w- c:\windows\system32\nvrsda.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrscs.dll

2012-01-05 22:45 . 2006-07-12 18:19 888832 ----a-w- c:\windows\system32\nvmobls.dll

2012-01-05 22:45 . 2006-07-12 18:19 2859008 ----a-w- c:\windows\system32\nvmoblsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 462848 ----a-w- c:\windows\system32\nvmccssr.dll

2012-01-05 22:45 . 2006-07-12 18:19 188416 ----a-w- c:\windows\system32\nvmccss.dll

2012-01-05 22:45 . 2005-12-19 15:56 45056 ----a-w- c:\windows\system32\nvmccsrs.dll

2012-01-05 22:45 . 2005-12-19 15:56 229376 ----a-w- c:\windows\system32\nvmccs.dll

2012-01-05 22:45 . 2005-12-19 15:56 1466368 ----a-w- c:\windows\system32\nview.dll

2012-01-05 22:45 . 2006-07-12 18:19 311296 ----a-w- c:\windows\system32\nvexpbar.dll

2012-01-05 22:45 . 2006-07-12 18:19 3035136 ----a-w- c:\windows\system32\nvgames.dll

2012-01-05 22:45 . 2006-07-12 18:19 2887680 ----a-w- c:\windows\system32\nvgamesr.dll

2012-01-05 22:45 . 2005-12-19 15:56 581632 ----a-w- c:\windows\system32\nvhwvid.dll

2012-01-05 22:45 . 2005-12-19 15:56 1339392 ----a-w- c:\windows\system32\nvdspsch.exe

2012-01-05 22:45 . 2006-07-12 18:19 5246976 ----a-w- c:\windows\system32\nvdispsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 5656576 ----a-w- c:\windows\system32\nvdisps.dll

2012-01-05 22:45 . 2006-07-12 18:19 794624 ----a-w- c:\windows\system32\nvcplui.exe

2012-01-05 22:45 . 2006-07-12 18:19 1011712 ----a-w- c:\windows\system32\nvcpluir.dll

2012-01-05 22:45 . 2006-07-12 18:19 69632 ----a-w- c:\windows\system32\nvcpl.cpl

2012-01-05 22:45 . 2005-12-19 15:56 442368 ----a-w- c:\windows\system32\nvappbar.exe

2012-01-05 22:45 . 2005-12-19 15:56 35840 ----a-w- c:\windows\system32\nvcodins.dll

2012-01-05 22:45 . 2005-12-19 15:56 35840 ----a-w- c:\windows\system32\nvcod.dll

2012-01-05 22:45 . 2005-12-19 15:56 425984 ----a-w- c:\windows\system32\keystone.exe

2011-12-29 16:11 . 2011-09-15 19:05 57344 ----a-r- c:\documents and settings\bdm\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2011-12-29 16:06 . 2003-03-19 01:05 106496 ----a-w- c:\windows\system32\ATL71.DLL

2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2004-08-04 12:00 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21 . 2004-08-04 12:00 152064 ----a-w- c:\windows\system32\schannel.dll

2004-10-01 19:00 . 2006-10-14 21:33 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-05_01.01.13 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-02-05 22:35 . 2012-02-05 22:35 16384 c:\windows\temp\Perflib_Perfdata_690.dat

+ 2012-01-25 15:16 . 2012-02-05 22:35 212099 c:\windows\system32\inetsrv\MetaBase.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2010-11-08 21:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2010-11-08 21:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2012-01-17 495400]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F-Secure Manager"="c:\program files\Ztinternetsecurity\Common\FSM32.EXE" [2012-01-13 199344]

"F-Secure TNB"="c:\program files\Ztinternetsecurity\FSGUI\TNBUtil.exe" [2012-01-13 1655464]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2012-01-17 495400]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP LaserJet 3150 Status.lnk - c:\jetsuite\JETSTAT.EXE [2007-8-3 147456]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^bdm^Start Menu^Programs^Startup^Memeo Launcher.lnk]

path=c:\documents and settings\bdm\Start Menu\Programs\Startup\Memeo Launcher.lnk

backup=c:\windows\pss\Memeo Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Doctor]

2011-10-11 19:58 46424 ----a-w- c:\program files\Device Doctor\DDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]

2010-05-25 23:16 619008 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]

2008-09-02 13:34 210224 ----a-w- c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]

2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"NVSvc"=2 (0x2)

"nmservice"=2 (0x2)

"mozybackup"=2 (0x2)

"MDM"=2 (0x2)

"LinksysUpdater"=2 (0x2)

"LightScribeService"=2 (0x2)

"Delete Duplicate Files Scan on Schedule Service"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"stllssvr"=3 (0x3)

"ServiceLayer"=3 (0x3)

"RoxLiveShare9"=2 (0x2)

"Roxio Upnp Server 9"=2 (0x2)

"Roxio UPnP Renderer 9"=3 (0x3)

"Pml Driver HPZ12"=2 (0x2)

"wlidsvc"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Documents and Settings\\bdm\\My Documents\\Downloads\\SweetIMSetup.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

"67:UDP"= 67:UDP:DHCP Discovery Service

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R2 gupdate1ca1e7c83b7e348;Google Update Service (gupdate1ca1e7c83b7e348);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Ztinternetsecurity\ORSP Client\fsorsp.exe [2011-05-23 61088]

R3 FXDRV;FXDRV;D:\Fxdrv.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]

R4 Delete Duplicate Files Scan on Schedule Service;Delete Duplicate Files Scan on Schedule Service;c:\program files\Delete Duplicate Files\DDFS.exe [2008-07-02 208896]

R4 jsdbg;jsdbg;c:\windows\system32\drivers\jsdbg.sys [1999-09-22 50352]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-01-13 42672]

S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2012-01-13 80080]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Ztinternetsecurity\HIPS\drivers\fshs.sys [2012-01-13 68144]

S1 jsmux;jsmux;c:\windows\system32\drivers\jsmux.sys [1999-09-22 173880]

S1 jsscan;jsscan;c:\windows\system32\drivers\jsscan.sys [1999-09-22 56672]

S2 bzserv;Backblaze Service;c:\program files\Backblaze\bzserv.exe [2012-01-17 211240]

S2 Iprip;RIP Listener;c:\windows\System32\svchost.exe [2008-04-14 14336]

S2 jsfax;jsfax;c:\windows\system32\drivers\jsfax.sys [1999-09-22 59604]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Ztinternetsecurity\Anti-Virus\minifilter\fsgk.sys [2012-01-13 148632]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-05 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 18:31]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 14:18]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 14:18]

.

2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1003Core.job

- c:\documents and settings\bdm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 08:45]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1003UA.job

- c:\documents and settings\bdm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 08:45]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1010Core.job

- c:\documents and settings\Augie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:50]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1010UA.job

- c:\documents and settings\Augie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:50]

.

2012-02-05 c:\windows\Tasks\Scheduled scanning task.job

- c:\progra~1\ZTINTE~1\ANTI-V~1\fsav.exe [2010-09-21 13:29]

.

2012-02-05 c:\windows\Tasks\User_Feed_Synchronization-{8F4D6CD7-BB5D-4ED4-BC00-D805472D1C7B}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://cincymls.net/

mStart Page = hxxp://home.sweetim.com/?crg=4.0003002

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

LSP: c:\program files\Ztinternetsecurity\FSPS\program\FSLSP.DLL

TCP: DhcpNameServer = 192.168.200.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-05 17:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-682003330-1078145449-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-682003330-1078145449-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:db,54,32,98,2d,0c,33,09,b8,d3,a6,ee,b5,6b,d9,54,8f,f9,25,ab,60,5a,bf,

41,5c,21,d0,9b,52,2b,c0,f3,1d,b8,e1,79,5e,e0,c8,f3,95,e6,17,3f,01,a4,5f,ee,\

"??"=hex:f6,68,ce,1a,a9,d5,36,16,60,f2,58,85,cc,bf,01,97

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(400)

c:\program files\ztinternetsecurity\hips\fshook32.dll

.

- - - - - - - > 'lsass.exe'(456)

c:\program files\Ztinternetsecurity\FSPS\program\FSLSP.DLL

c:\program files\ztinternetsecurity\hips\fshook32.dll

.

- - - - - - - > 'explorer.exe'(3048)

c:\windows\system32\WININET.dll

c:\program files\MozyHome\mozyshell.dll

c:\windows\system32\LIBEAY32.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\program files\Ztinternetsecurity\FSPS\program\FSLSP.DLL

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\ztinternetsecurity\scanner-interface\fsgkiapi.dll

.

Completion time: 2012-02-05 17:55:54

ComboFix-quarantined-files.txt 2012-02-05 22:55

ComboFix2.txt 2012-02-05 01:03

ComboFix3.txt 2012-02-03 23:46

.

Pre-Run: 36,211,204,096 bytes free

Post-Run: 36,217,020,416 bytes free

.

- - End Of File - - CC5B12A3E8E32A24C3D0E7140773F170

ComboFix 12-02-05.01 - bdm 02/04/2012 19:51:11.2.1 - x86 NETWORK

Running from: c:\documents and settings\bdm\My Documents\Downloads\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))

.

.

2012-02-03 00:17 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-02 22:41 . 2012-02-02 22:41 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-01 15:15 . 2012-02-01 17:35 -------- d-----w- c:\windows\tmp

2012-01-31 08:16 . 2012-01-31 08:16 -------- d-----w- C:\USMT2.UNC

2012-01-27 00:13 . 2012-01-27 00:13 -------- d-----w- c:\documents and settings\bdm\Application Data\Nuance

2012-01-27 00:12 . 2012-01-27 00:12 -------- d-----w- c:\documents and settings\bdm\Application Data\FLEXnet

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\program files\Nuance

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\documents and settings\bdm\Application Data\Skype

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\program files\Skype

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2012-01-16 13:27 . 2012-01-16 13:27 -------- d-----w- c:\program files\Common Files\PCSuite

2012-01-16 13:26 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2012-01-16 13:26 . 2012-01-16 13:26 -------- d-----w- c:\program files\PC Connectivity Solution

2012-01-16 13:25 . 2011-11-01 15:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2012-01-16 13:25 . 2011-11-01 15:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2012-01-16 13:25 . 2011-11-01 15:07 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2012-01-16 13:25 . 2011-11-01 15:07 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2012-01-16 13:08 . 2012-01-16 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

2012-01-07 20:23 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll

2012-01-07 00:30 . 2012-01-07 00:34 -------- d-----w- C:\lj628

2012-01-06 18:36 . 2012-01-26 21:20 -------- d-----w- c:\documents and settings\bdm\Application Data\FinalTorrent

2012-01-06 16:51 . 2012-01-06 16:51 -------- d-----w- c:\program files\File Type Assistant

2012-01-06 16:48 . 2012-01-06 16:55 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2012-01-06 16:47 . 2012-01-06 16:48 -------- d-----w- c:\program files\FinalTorrent

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-13 13:42 . 2010-09-21 14:50 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-01-13 13:29 . 2010-09-21 14:50 80080 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2012-01-06 00:13 . 2005-05-06 22:14 48128 ----a-w- c:\windows\system32\drivers\SiSRaid.sys

2012-01-06 00:13 . 2001-03-31 03:58 135168 ----a-w- c:\windows\system32\property.dll

2012-01-06 00:02 . 2006-06-03 19:04 32768 ----a-w- c:\windows\system32\drivers\sisnicxp.sys

2012-01-05 22:45 . 2006-07-12 18:19 1740800 ----a-w- c:\windows\system32\nvwssr.dll

2012-01-05 22:45 . 2006-07-12 18:19 1257472 ----a-w- c:\windows\system32\nvwss.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvwrspt.dll

2012-01-05 22:45 . 2005-12-19 15:56 319488 ----a-w- c:\windows\system32\nvwrsptb.dll

2012-01-05 22:45 . 2005-12-19 15:56 315392 ----a-w- c:\windows\system32\nvwrsru.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrstr.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrssl.dll

2012-01-05 22:45 . 2005-12-19 15:56 299008 ----a-w- c:\windows\system32\nvwrssk.dll

2012-01-05 22:45 . 2005-12-19 15:56 299008 ----a-w- c:\windows\system32\nvwrsno.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrssv.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrspl.dll

2012-01-05 22:45 . 2005-12-19 15:56 167936 ----a-w- c:\windows\system32\nvwrszht.dll

2012-01-05 22:45 . 2005-12-19 15:56 163840 ----a-w- c:\windows\system32\nvwrszhc.dll

2012-01-05 22:45 . 2005-12-19 15:56 1519616 ----a-w- c:\windows\system32\nwiz.exe

2012-01-05 22:45 . 2005-12-19 15:56 335872 ----a-w- c:\windows\system32\nvwrses.dll

2012-01-05 22:45 . 2005-12-19 15:56 335872 ----a-w- c:\windows\system32\nvwrsel.dll

2012-01-05 22:45 . 2005-12-19 15:56 327680 ----a-w- c:\windows\system32\nvwrsfr.dll

2012-01-05 22:45 . 2005-12-19 15:56 327680 ----a-w- c:\windows\system32\nvwrsesm.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvwrsit.dll

2012-01-05 22:45 . 2005-12-19 15:56 319488 ----a-w- c:\windows\system32\nvwrsnl.dll

2012-01-05 22:45 . 2005-12-19 15:56 315392 ----a-w- c:\windows\system32\nvwrshu.dll

2012-01-05 22:45 . 2005-12-19 15:56 311296 ----a-w- c:\windows\system32\nvwrsde.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrsfi.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrsda.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvwrseng.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvwrscs.dll

2012-01-05 22:45 . 2005-12-19 15:56 282624 ----a-w- c:\windows\system32\nvwrsar.dll

2012-01-05 22:45 . 2005-12-19 15:56 278528 ----a-w- c:\windows\system32\nvwrshe.dll

2012-01-05 22:45 . 2005-12-19 15:56 212992 ----a-w- c:\windows\system32\nvwrsja.dll

2012-01-05 22:45 . 2005-12-19 15:56 196608 ----a-w- c:\windows\system32\nvwrsko.dll

2012-01-05 22:45 . 2005-12-19 15:56 1662976 ----a-w- c:\windows\system32\nvwdmcpl.dll

2012-01-05 22:45 . 2005-12-19 15:56 1019904 ----a-w- c:\windows\system32\nvwimg.dll

2012-01-05 22:45 . 2006-07-12 18:19 2977792 ----a-w- c:\windows\system32\nvvitvsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 2932736 ----a-w- c:\windows\system32\nvvitvs.dll

2012-01-05 22:45 . 2005-12-19 15:56 73728 ----a-w- c:\windows\system32\nvtuicpl.cpl

2012-01-05 22:45 . 2005-12-19 15:56 466944 ----a-w- c:\windows\system32\nvshell.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvrshe.dll

2012-01-05 22:45 . 2005-12-19 15:56 278528 ----a-w- c:\windows\system32\nvrsfr.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrsit.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrses.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrsel.dll

2012-01-05 22:45 . 2005-12-19 15:56 270336 ----a-w- c:\windows\system32\nvrsde.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrspt.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrsnl.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrsesm.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsru.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsptb.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsja.dll

2012-01-05 22:45 . 2005-12-19 15:56 258048 ----a-w- c:\windows\system32\nvrsko.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrstr.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrssl.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrssk.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrspl.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrsno.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrshu.dll

2012-01-05 22:45 . 2005-12-19 15:56 245760 ----a-w- c:\windows\system32\nvrssv.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrsfi.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrseng.dll

2012-01-05 22:45 . 2005-12-19 15:56 221184 ----a-w- c:\windows\system32\nvrszhc.dll

2012-01-05 22:45 . 2005-12-19 15:56 122880 ----a-w- c:\windows\system32\nvrszht.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvrsar.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvnt4cpl.dll

2012-01-05 22:45 . 2005-12-19 15:56 245760 ----a-w- c:\windows\system32\nvrsda.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrscs.dll

2012-01-05 22:45 . 2006-07-12 18:19 888832 ----a-w- c:\windows\system32\nvmobls.dll

2012-01-05 22:45 . 2006-07-12 18:19 2859008 ----a-w- c:\windows\system32\nvmoblsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 462848 ----a-w- c:\windows\system32\nvmccssr.dll

2012-01-05 22:45 . 2006-07-12 18:19 188416 ----a-w- c:\windows\system32\nvmccss.dll

2012-01-05 22:45 . 2005-12-19 15:56 45056 ----a-w- c:\windows\system32\nvmccsrs.dll

2012-01-05 22:45 . 2005-12-19 15:56 229376 ----a-w- c:\windows\system32\nvmccs.dll

2012-01-05 22:45 . 2005-12-19 15:56 1466368 ----a-w- c:\windows\system32\nview.dll

2012-01-05 22:45 . 2006-07-12 18:19 311296 ----a-w- c:\windows\system32\nvexpbar.dll

2012-01-05 22:45 . 2006-07-12 18:19 3035136 ----a-w- c:\windows\system32\nvgames.dll

2012-01-05 22:45 . 2006-07-12 18:19 2887680 ----a-w- c:\windows\system32\nvgamesr.dll

2012-01-05 22:45 . 2005-12-19 15:56 581632 ----a-w- c:\windows\system32\nvhwvid.dll

2012-01-05 22:45 . 2005-12-19 15:56 1339392 ----a-w- c:\windows\system32\nvdspsch.exe

2012-01-05 22:45 . 2006-07-12 18:19 5246976 ----a-w- c:\windows\system32\nvdispsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 5656576 ----a-w- c:\windows\system32\nvdisps.dll

2012-01-05 22:45 . 2006-07-12 18:19 794624 ----a-w- c:\windows\system32\nvcplui.exe

2012-01-05 22:45 . 2006-07-12 18:19 1011712 ----a-w- c:\windows\system32\nvcpluir.dll

2012-01-05 22:45 . 2006-07-12 18:19 69632 ----a-w- c:\windows\system32\nvcpl.cpl

2012-01-05 22:45 . 2005-12-19 15:56 442368 ----a-w- c:\windows\system32\nvappbar.exe

2012-01-05 22:45 . 2005-12-19 15:56 35840 ----a-w- c:\windows\system32\nvcodins.dll

2012-01-05 22:45 . 2005-12-19 15:56 35840 ----a-w- c:\windows\system32\nvcod.dll

2012-01-05 22:45 . 2005-12-19 15:56 425984 ----a-w- c:\windows\system32\keystone.exe

2011-12-29 16:11 . 2011-09-15 19:05 57344 ----a-r- c:\documents and settings\bdm\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2011-12-29 16:06 . 2003-03-19 01:05 106496 ----a-w- c:\windows\system32\ATL71.DLL

2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2004-08-04 12:00 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21 . 2004-08-04 12:00 152064 ----a-w- c:\windows\system32\schannel.dll

2004-10-01 19:00 . 2006-10-14 21:33 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2010-11-08 21:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2010-11-08 21:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2012-01-17 495400]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F-Secure Manager"="c:\program files\Ztinternetsecurity\Common\FSM32.EXE" [2012-01-13 199344]

"F-Secure TNB"="c:\program files\Ztinternetsecurity\FSGUI\TNBUtil.exe" [2012-01-13 1655464]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2012-01-17 495400]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP LaserJet 3150 Status.lnk - c:\jetsuite\JETSTAT.EXE [2007-8-3 147456]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^bdm^Start Menu^Programs^Startup^Memeo Launcher.lnk]

path=c:\documents and settings\bdm\Start Menu\Programs\Startup\Memeo Launcher.lnk

backup=c:\windows\pss\Memeo Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Doctor]

2011-10-11 19:58 46424 ----a-w- c:\program files\Device Doctor\DDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]

2010-05-25 23:16 619008 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]

2008-09-02 13:34 210224 ----a-w- c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]

2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"NVSvc"=2 (0x2)

"nmservice"=2 (0x2)

"mozybackup"=2 (0x2)

"MDM"=2 (0x2)

"LinksysUpdater"=2 (0x2)

"LightScribeService"=2 (0x2)

"Delete Duplicate Files Scan on Schedule Service"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"stllssvr"=3 (0x3)

"ServiceLayer"=3 (0x3)

"RoxLiveShare9"=2 (0x2)

"Roxio Upnp Server 9"=2 (0x2)

"Roxio UPnP Renderer 9"=3 (0x3)

"Pml Driver HPZ12"=2 (0x2)

"wlidsvc"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Program Files\\FinalTorrent\\FinalTorrent.EXE"=

"c:\\Program Files\\FinalTorrent\\FTCheckForUpdates.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

"67:UDP"= 67:UDP:DHCP Discovery Service

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-01-13 42672]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Ztinternetsecurity\HIPS\drivers\fshs.sys [2012-01-13 68144]

R1 jsmux;jsmux;c:\windows\system32\drivers\jsmux.sys [1999-09-22 173880]

R1 jsscan;jsscan;c:\windows\system32\drivers\jsscan.sys [1999-09-22 56672]

R2 bzserv;Backblaze Service;c:\program files\Backblaze\bzserv.exe [2012-01-17 211240]

R2 gupdate1ca1e7c83b7e348;Google Update Service (gupdate1ca1e7c83b7e348);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]

R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe [2008-04-14 14336]

R2 jsfax;jsfax;c:\windows\system32\drivers\jsfax.sys [1999-09-22 59604]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Ztinternetsecurity\Anti-Virus\minifilter\fsgk.sys [2012-01-13 148632]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Ztinternetsecurity\ORSP Client\fsorsp.exe [2011-05-23 61088]

R3 FXDRV;FXDRV;D:\Fxdrv.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]

R4 Delete Duplicate Files Scan on Schedule Service;Delete Duplicate Files Scan on Schedule Service;c:\program files\Delete Duplicate Files\DDFS.exe [2008-07-02 208896]

R4 jsdbg;jsdbg;c:\windows\system32\drivers\jsdbg.sys [1999-09-22 50352]

S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2012-01-13 80080]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-04 c:\windows\Tasks\FinalTorrent Update Checker.job

- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2012-01-06 20:24]

.

2012-02-05 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 18:31]

.

2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 14:18]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 14:18]

.

2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1003Core.job

- c:\documents and settings\bdm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 08:45]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1003UA.job

- c:\documents and settings\bdm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 08:45]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1010Core.job

- c:\documents and settings\Augie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:50]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1010UA.job

- c:\documents and settings\Augie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:50]

.

2012-02-04 c:\windows\Tasks\Scheduled scanning task.job

- c:\progra~1\ZTINTE~1\ANTI-V~1\fsav.exe [2010-09-21 13:29]

.

2012-02-05 c:\windows\Tasks\User_Feed_Synchronization-{8F4D6CD7-BB5D-4ED4-BC00-D805472D1C7B}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://cincymls.net/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

LSP: c:\program files\Ztinternetsecurity\FSPS\program\FSLSP.DLL

TCP: DhcpNameServer = 192.168.200.1

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-04 20:01

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-682003330-1078145449-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-682003330-1078145449-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:db,54,32,98,2d,0c,33,09,b8,d3,a6,ee,b5,6b,d9,54,8f,f9,25,ab,60,5a,bf,

41,5c,21,d0,9b,52,2b,c0,f3,1d,b8,e1,79,5e,e0,c8,f3,95,e6,17,3f,01,a4,5f,ee,\

"??"=hex:f6,68,ce,1a,a9,d5,36,16,60,f2,58,85,cc,bf,01,97

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1720)

c:\windows\system32\WININET.dll

c:\program files\MozyHome\mozyshell.dll

c:\windows\system32\LIBEAY32.dll

.

Completion time: 2012-02-04 20:03:23

ComboFix-quarantined-files.txt 2012-02-05 01:03

ComboFix2.txt 2012-02-03 23:46

.

Pre-Run: 36,001,783,808 bytes free

Post-Run: 35,991,318,528 bytes free

.

- - End Of File - - 52C46A128A6D3BA3D834843D2432251C

ComboFix 12-02-03.02 - bdm 02/03/2012 18:19:19.1.1 - x86

Running from: c:\documents and settings\bdm\My Documents\Downloads\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt

c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\bdm\Application Data\HPSU_48BitScanUpdate.log

c:\documents and settings\bdm\Favorites\Translator.url

c:\documents and settings\bdm\WINDOWS

c:\program files\Internet Explorer\SET2778.tmp

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\SearchToolbarUpdater.exe

C:\t.txt

c:\windows\alcrmv.exe

c:\windows\EventSystem.log

c:\windows\system32\Cache

c:\windows\system32\office.exe

c:\windows\system32\SET2759.tmp

c:\windows\system32\SET275A.tmp

c:\windows\system32\SET275B.tmp

c:\windows\system32\SET275C.tmp

c:\windows\system32\SET275D.tmp

c:\windows\system32\SET2760.tmp

c:\windows\system32\SET2761.tmp

c:\windows\system32\SET2762.tmp

c:\windows\system32\SET2763.tmp

c:\windows\system32\SET2764.tmp

c:\windows\system32\SET2765.tmp

c:\windows\system32\SET2768.tmp

c:\windows\system32\SET276A.tmp

c:\windows\system32\SET276B.tmp

c:\windows\system32\SET276D.tmp

c:\windows\system32\SET276E.tmp

c:\windows\system32\SET2773.tmp

c:\windows\system32\SET2774.tmp

c:\windows\system32\SET2775.tmp

c:\windows\system32\SET2777.tmp

c:\windows\system32\SET2FA.tmp

c:\windows\system32\SET2FC.tmp

c:\windows\system32\SET301.tmp

c:\windows\system32\SET308.tmp

c:\windows\system32\SET30A.tmp

c:\windows\system32\SET311.tmp

c:\windows\system32\SET312.tmp

c:\windows\system32\SET313.tmp

c:\windows\system32\SET316.tmp

c:\windows\system32\WinSys.exe

F:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))

.

.

2012-02-03 00:17 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-02 22:41 . 2012-02-02 22:41 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-01 15:15 . 2012-02-01 17:35 -------- d-----w- c:\windows\tmp

2012-01-31 08:16 . 2012-01-31 08:16 -------- d-----w- C:\USMT2.UNC

2012-01-27 00:13 . 2012-01-27 00:13 -------- d-----w- c:\documents and settings\bdm\Application Data\Nuance

2012-01-27 00:12 . 2012-01-27 00:12 -------- d-----w- c:\documents and settings\bdm\Application Data\FLEXnet

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\program files\Nuance

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance

2012-01-27 00:05 . 2012-01-27 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\documents and settings\bdm\Application Data\Skype

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\program files\Skype

2012-01-26 22:47 . 2012-02-02 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2012-01-16 13:27 . 2012-01-16 13:27 -------- d-----w- c:\program files\Common Files\PCSuite

2012-01-16 13:26 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2012-01-16 13:26 . 2012-01-16 13:26 -------- d-----w- c:\program files\PC Connectivity Solution

2012-01-16 13:25 . 2011-11-01 15:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2012-01-16 13:25 . 2011-11-01 15:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2012-01-16 13:25 . 2011-11-01 15:07 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2012-01-16 13:25 . 2011-11-01 15:07 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2012-01-16 13:08 . 2012-01-16 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

2012-01-07 20:23 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll

2012-01-07 00:30 . 2012-01-07 00:34 -------- d-----w- C:\lj628

2012-01-06 18:36 . 2012-01-26 21:20 -------- d-----w- c:\documents and settings\bdm\Application Data\FinalTorrent

2012-01-06 16:51 . 2012-01-06 16:51 -------- d-----w- c:\program files\File Type Assistant

2012-01-06 16:48 . 2012-01-06 16:55 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2012-01-06 16:47 . 2012-01-06 16:48 -------- d-----w- c:\program files\FinalTorrent

2012-01-06 00:34 . 2012-01-06 00:34 -------- d-----w- c:\documents and settings\bdm\Application Data\WinBatch

2012-01-06 00:19 . 2012-01-06 00:19 -------- d-----w- c:\program files\Silicon Integrated Systems

2012-01-05 23:33 . 2012-01-05 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2012-01-05 23:33 . 2011-10-08 04:50 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2012-01-05 23:33 . 2012-01-05 23:33 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-01-05 23:33 . 2012-01-05 23:33 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-01-05 23:33 . 2012-01-05 23:33 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-01-05 23:31 . 2011-10-08 04:50 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-01-05 23:31 . 2011-10-08 04:50 877376 ----a-w- c:\windows\system32\nvgenco32.dll

2012-01-05 23:31 . 2011-10-08 04:50 919872 ----a-w- c:\windows\system32\nvdispco32.dll

2012-01-05 23:31 . 2011-10-08 04:50 5595136 ----a-w- c:\windows\system32\nvcuda.dll

2012-01-05 23:31 . 2011-10-08 04:50 2398016 ----a-w- c:\windows\system32\nvcuvid.dll

2012-01-05 23:31 . 2011-10-08 04:50 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-01-05 23:31 . 2011-10-08 04:50 17240064 ----a-w- c:\windows\system32\nvcompiler.dll

2012-01-05 23:31 . 2012-01-06 01:16 -------- d-----w- c:\program files\NVIDIA Corporation

2012-01-05 23:30 . 2012-01-05 23:30 -------- d-----w- C:\NVIDIA

2012-01-05 23:25 . 2012-01-05 23:25 -------- d-----w- c:\program files\SystemRequirementsLab

2012-01-05 23:17 . 2012-01-05 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles

2012-01-05 23:15 . 2012-01-05 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA

2012-01-05 21:52 . 2012-01-05 21:52 -------- d-----w- c:\documents and settings\bdm\Application Data\Device Doctor

2012-01-05 21:51 . 2012-01-05 21:52 -------- d-----w- c:\program files\Device Doctor

2012-01-05 19:57 . 2012-01-05 19:58 -------- d-----w- c:\windows\system32\DRM

2012-01-05 00:12 . 2012-01-05 00:12 -------- d-----w- c:\documents and settings\Augie\Application Data\PC Suite

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-13 13:42 . 2010-09-21 14:50 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-01-13 13:29 . 2010-09-21 14:50 80080 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2012-01-06 00:13 . 2005-05-06 22:14 48128 ----a-w- c:\windows\system32\drivers\SiSRaid.sys

2012-01-06 00:13 . 2001-03-31 03:58 135168 ----a-w- c:\windows\system32\property.dll

2012-01-06 00:02 . 2006-06-03 19:04 32768 ----a-w- c:\windows\system32\drivers\sisnicxp.sys

2012-01-05 22:45 . 2006-07-12 18:19 1740800 ----a-w- c:\windows\system32\nvwssr.dll

2012-01-05 22:45 . 2006-07-12 18:19 1257472 ----a-w- c:\windows\system32\nvwss.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvwrspt.dll

2012-01-05 22:45 . 2005-12-19 15:56 319488 ----a-w- c:\windows\system32\nvwrsptb.dll

2012-01-05 22:45 . 2005-12-19 15:56 315392 ----a-w- c:\windows\system32\nvwrsru.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrstr.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrssl.dll

2012-01-05 22:45 . 2005-12-19 15:56 299008 ----a-w- c:\windows\system32\nvwrssk.dll

2012-01-05 22:45 . 2005-12-19 15:56 299008 ----a-w- c:\windows\system32\nvwrsno.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrssv.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrspl.dll

2012-01-05 22:45 . 2005-12-19 15:56 167936 ----a-w- c:\windows\system32\nvwrszht.dll

2012-01-05 22:45 . 2005-12-19 15:56 163840 ----a-w- c:\windows\system32\nvwrszhc.dll

2012-01-05 22:45 . 2005-12-19 15:56 1519616 ----a-w- c:\windows\system32\nwiz.exe

2012-01-05 22:45 . 2005-12-19 15:56 335872 ----a-w- c:\windows\system32\nvwrses.dll

2012-01-05 22:45 . 2005-12-19 15:56 335872 ----a-w- c:\windows\system32\nvwrsel.dll

2012-01-05 22:45 . 2005-12-19 15:56 327680 ----a-w- c:\windows\system32\nvwrsfr.dll

2012-01-05 22:45 . 2005-12-19 15:56 327680 ----a-w- c:\windows\system32\nvwrsesm.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvwrsit.dll

2012-01-05 22:45 . 2005-12-19 15:56 319488 ----a-w- c:\windows\system32\nvwrsnl.dll

2012-01-05 22:45 . 2005-12-19 15:56 315392 ----a-w- c:\windows\system32\nvwrshu.dll

2012-01-05 22:45 . 2005-12-19 15:56 311296 ----a-w- c:\windows\system32\nvwrsde.dll

2012-01-05 22:45 . 2005-12-19 15:56 303104 ----a-w- c:\windows\system32\nvwrsfi.dll

2012-01-05 22:45 . 2005-12-19 15:56 294912 ----a-w- c:\windows\system32\nvwrsda.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvwrseng.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvwrscs.dll

2012-01-05 22:45 . 2005-12-19 15:56 282624 ----a-w- c:\windows\system32\nvwrsar.dll

2012-01-05 22:45 . 2005-12-19 15:56 278528 ----a-w- c:\windows\system32\nvwrshe.dll

2012-01-05 22:45 . 2005-12-19 15:56 212992 ----a-w- c:\windows\system32\nvwrsja.dll

2012-01-05 22:45 . 2005-12-19 15:56 196608 ----a-w- c:\windows\system32\nvwrsko.dll

2012-01-05 22:45 . 2005-12-19 15:56 1662976 ----a-w- c:\windows\system32\nvwdmcpl.dll

2012-01-05 22:45 . 2005-12-19 15:56 1019904 ----a-w- c:\windows\system32\nvwimg.dll

2012-01-05 22:45 . 2006-07-12 18:19 2977792 ----a-w- c:\windows\system32\nvvitvsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 2932736 ----a-w- c:\windows\system32\nvvitvs.dll

2012-01-05 22:45 . 2005-12-19 15:56 73728 ----a-w- c:\windows\system32\nvtuicpl.cpl

2012-01-05 22:45 . 2005-12-19 15:56 466944 ----a-w- c:\windows\system32\nvshell.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvrshe.dll

2012-01-05 22:45 . 2005-12-19 15:56 278528 ----a-w- c:\windows\system32\nvrsfr.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrsit.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrses.dll

2012-01-05 22:45 . 2005-12-19 15:56 274432 ----a-w- c:\windows\system32\nvrsel.dll

2012-01-05 22:45 . 2005-12-19 15:56 270336 ----a-w- c:\windows\system32\nvrsde.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrspt.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrsnl.dll

2012-01-05 22:45 . 2005-12-19 15:56 266240 ----a-w- c:\windows\system32\nvrsesm.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsru.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsptb.dll

2012-01-05 22:45 . 2005-12-19 15:56 262144 ----a-w- c:\windows\system32\nvrsja.dll

2012-01-05 22:45 . 2005-12-19 15:56 258048 ----a-w- c:\windows\system32\nvrsko.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrstr.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrssl.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrssk.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrspl.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrsno.dll

2012-01-05 22:45 . 2005-12-19 15:56 249856 ----a-w- c:\windows\system32\nvrshu.dll

2012-01-05 22:45 . 2005-12-19 15:56 245760 ----a-w- c:\windows\system32\nvrssv.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrsfi.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrseng.dll

2012-01-05 22:45 . 2005-12-19 15:56 221184 ----a-w- c:\windows\system32\nvrszhc.dll

2012-01-05 22:45 . 2005-12-19 15:56 122880 ----a-w- c:\windows\system32\nvrszht.dll

2012-01-05 22:45 . 2005-12-19 15:56 323584 ----a-w- c:\windows\system32\nvrsar.dll

2012-01-05 22:45 . 2005-12-19 15:56 286720 ----a-w- c:\windows\system32\nvnt4cpl.dll

2012-01-05 22:45 . 2005-12-19 15:56 245760 ----a-w- c:\windows\system32\nvrsda.dll

2012-01-05 22:45 . 2005-12-19 15:56 241664 ----a-w- c:\windows\system32\nvrscs.dll

2012-01-05 22:45 . 2006-07-12 18:19 888832 ----a-w- c:\windows\system32\nvmobls.dll

2012-01-05 22:45 . 2006-07-12 18:19 2859008 ----a-w- c:\windows\system32\nvmoblsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 462848 ----a-w- c:\windows\system32\nvmccssr.dll

2012-01-05 22:45 . 2006-07-12 18:19 188416 ----a-w- c:\windows\system32\nvmccss.dll

2012-01-05 22:45 . 2005-12-19 15:56 45056 ----a-w- c:\windows\system32\nvmccsrs.dll

2012-01-05 22:45 . 2005-12-19 15:56 229376 ----a-w- c:\windows\system32\nvmccs.dll

2012-01-05 22:45 . 2005-12-19 15:56 1466368 ----a-w- c:\windows\system32\nview.dll

2012-01-05 22:45 . 2006-07-12 18:19 311296 ----a-w- c:\windows\system32\nvexpbar.dll

2012-01-05 22:45 . 2006-07-12 18:19 3035136 ----a-w- c:\windows\system32\nvgames.dll

2012-01-05 22:45 . 2006-07-12 18:19 2887680 ----a-w- c:\windows\system32\nvgamesr.dll

2012-01-05 22:45 . 2005-12-19 15:56 581632 ----a-w- c:\windows\system32\nvhwvid.dll

2012-01-05 22:45 . 2005-12-19 15:56 1339392 ----a-w- c:\windows\system32\nvdspsch.exe

2012-01-05 22:45 . 2006-07-12 18:19 5246976 ----a-w- c:\windows\system32\nvdispsr.dll

2012-01-05 22:45 . 2006-07-12 18:19 5656576 ----a-w- c:\windows\system32\nvdisps.dll

2012-01-05 22:45 . 2006-07-12 18:19 794624 ----a-w- c:\windows\system32\nvcplui.exe

2012-01-05 22:45 . 2006-07-12 18:19 1011712 ----a-w- c:\windows\system32\nvcpluir.dll

2012-01-05 22:45 . 2006-07-12 18:19 69632 ----a-w- c:\windows\system32\nvcpl.cpl

2012-01-05 22:45 . 2005-12-19 15:56 442368 ----a-w- c:\windows\system32\nvappbar.exe

2012-01-05 22:45 . 2005-12-19 15:56 35840 ----a-w- c:\windows\system32\nvcodins.dll

2012-01-05 22:45 . 2005-12-19 15:56 35840 ----a-w- c:\windows\system32\nvcod.dll

2012-01-05 22:45 . 2005-12-19 15:56 425984 ----a-w- c:\windows\system32\keystone.exe

2011-12-29 16:11 . 2011-09-15 19:05 57344 ----a-r- c:\documents and settings\bdm\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2011-12-29 16:06 . 2003-03-19 01:05 106496 ----a-w- c:\windows\system32\ATL71.DLL

2011-12-08 15:27 . 2011-07-07 12:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2004-08-04 12:00 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21 . 2004-08-04 12:00 152064 ----a-w- c:\windows\system32\schannel.dll

2004-10-01 19:00 . 2006-10-14 21:33 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2010-11-08 21:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2010-11-08 21:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2012-01-17 495400]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F-Secure Manager"="c:\program files\Ztinternetsecurity\Common\FSM32.EXE" [2012-01-13 199344]

"F-Secure TNB"="c:\program files\Ztinternetsecurity\FSGUI\TNBUtil.exe" [2012-01-13 1655464]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2012-01-17 495400]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP LaserJet 3150 Status.lnk - c:\jetsuite\JETSTAT.EXE [2007-8-3 147456]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^bdm^Start Menu^Programs^Startup^Memeo Launcher.lnk]

path=c:\documents and settings\bdm\Start Menu\Programs\Startup\Memeo Launcher.lnk

backup=c:\windows\pss\Memeo Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Doctor]

2011-10-11 19:58 46424 ----a-w- c:\program files\Device Doctor\DDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]

2010-05-25 23:16 619008 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]

2008-09-02 13:34 210224 ----a-w- c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]

2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"NVSvc"=2 (0x2)

"nmservice"=2 (0x2)

"mozybackup"=2 (0x2)

"MDM"=2 (0x2)

"LinksysUpdater"=2 (0x2)

"LightScribeService"=2 (0x2)

"Delete Duplicate Files Scan on Schedule Service"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"stllssvr"=3 (0x3)

"ServiceLayer"=3 (0x3)

"RoxLiveShare9"=2 (0x2)

"Roxio Upnp Server 9"=2 (0x2)

"Roxio UPnP Renderer 9"=3 (0x3)

"Pml Driver HPZ12"=2 (0x2)

"wlidsvc"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Documents and Settings\\bdm\\My Documents\\Downloads\\cnet2_FLVPlayerSetup_exe (2).exe"=

"c:\\Program Files\\FinalTorrent\\FinalTorrent.EXE"=

"c:\\Program Files\\FinalTorrent\\FTCheckForUpdates.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

"67:UDP"= 67:UDP:DHCP Discovery Service

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R2 gupdate1ca1e7c83b7e348;Google Update Service (gupdate1ca1e7c83b7e348);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]

R3 FXDRV;FXDRV;D:\Fxdrv.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]

R4 Delete Duplicate Files Scan on Schedule Service;Delete Duplicate Files Scan on Schedule Service;c:\program files\Delete Duplicate Files\DDFS.exe [2008-07-02 208896]

R4 jsdbg;jsdbg;c:\windows\system32\drivers\jsdbg.sys [1999-09-22 50352]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-01-13 42672]

S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2012-01-13 80080]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Ztinternetsecurity\HIPS\drivers\fshs.sys [2012-01-13 68144]

S1 jsmux;jsmux;c:\windows\system32\drivers\jsmux.sys [1999-09-22 173880]

S1 jsscan;jsscan;c:\windows\system32\drivers\jsscan.sys [1999-09-22 56672]

S2 bzserv;Backblaze Service;c:\program files\Backblaze\bzserv.exe [2012-01-17 211240]

S2 Iprip;RIP Listener;c:\windows\System32\svchost.exe [2008-04-14 14336]

S2 jsfax;jsfax;c:\windows\system32\drivers\jsfax.sys [1999-09-22 59604]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Ztinternetsecurity\Anti-Virus\minifilter\fsgk.sys [2012-01-13 148632]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Ztinternetsecurity\ORSP Client\fsorsp.exe [2011-05-23 61088]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-03 c:\windows\Tasks\FinalTorrent Update Checker.job

- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2012-01-06 20:24]

.

2012-02-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 18:31]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 14:18]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 14:18]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1003Core.job

- c:\documents and settings\bdm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 08:45]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1003UA.job

- c:\documents and settings\bdm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 08:45]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1010Core.job

- c:\documents and settings\Augie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:50]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-725345543-1010UA.job

- c:\documents and settings\Augie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:50]

.

2012-02-03 c:\windows\Tasks\Scheduled scanning task.job

- c:\progra~1\ZTINTE~1\ANTI-V~1\fsav.exe [2010-09-21 13:29]

.

2012-02-03 c:\windows\Tasks\User_Feed_Synchronization-{8F4D6CD7-BB5D-4ED4-BC00-D805472D1C7B}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://cincymls.net/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

LSP: c:\program files\Ztinternetsecurity\FSPS\program\FSLSP.DLL

TCP: DhcpNameServer = 192.168.200.1

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-PowerBar - (no file)

SafeBoot-Wdf01000.sys

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

MSConfigStartUp-EasyLinkAdvisor - c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

MSConfigStartUp-nmctxth - c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-03 18:40

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ????????????l?@?l?@?D?????B~????????????&?B~l?@?l?@????? ?????????????D~0?B~????&?B~?xB~x????????xB~???????? ???????????s??|x???0???????????Q?stA?B~????????????????????i???????????l?@?l?@?????zwB~????t?@?????l?@?8?@?l?@????s????????????????????8?@?y??s8?@?8?@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-682003330-1078145449-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-682003330-1078145449-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:db,54,32,98,2d,0c,33,09,b8,d3,a6,ee,b5,6b,d9,54,8f,f9,25,ab,60,5a,bf,

41,5c,21,d0,9b,52,2b,c0,f3,1d,b8,e1,79,5e,e0,c8,f3,95,e6,17,3f,01,a4,5f,ee,\

"??"=hex:f6,68,ce,1a,a9,d5,36,16,60,f2,58,85,cc,bf,01,97

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(400)

c:\program files\ztinternetsecurity\hips\fshook32.dll

.

- - - - - - - > 'lsass.exe'(456)

c:\program files\Ztinternetsecurity\FSPS\program\FSLSP.DLL

c:\program files\ztinternetsecurity\hips\fshook32.dll

.

Completion time: 2012-02-03 18:46:30

ComboFix-quarantined-files.txt 2012-02-03 23:46

.

Pre-Run: 27,524,358,144 bytes free

Post-Run: 35,805,831,168 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.


There is no reason to send me a PM. As I stated in my previous answer, I need to consult some other experts, because your logs indicate that the WMI service does not run, but the export of the service tells me the opposite.

Sometimes, it is much more work for us to find a solution for some problems than you may think.

2nd, I also have a real life, hobbies and a job. All my answers could take 30 minutes of my time in researching, reviewing and creating fixes.


Please download WMIDiag.exe from here to your desktop: http://www.microsoft.com/download/en/confirmation.aspx?id=7684

Double-click on the file to start it.

In the next prompt, click Browse and choose your system drive (typically C:).

Press the Windows + R key to bring up the Run box, type in cmd and hit Enter.

In the new window, type in C:\wmidiag.vbs and hit Enter.

The tool takes a while and works in the background, so please be patient.

When done, a Notepad window will appear. Please post the content here.


Hello,

Thank you for your help.

1) ran program and got error message (error message may not be exactly as I have written since it disappears after a few seconds) and log

Error:

WMIDiag detected issues that could prevent WMI to work properly!:

Check c:\documents and settings\bdm\local settings\temp\wmidiag-v2.1_xp___.clip.sp32_brianhome-4E0798_2012.02.10_11.04.56.log' for details

Log:

.1397 11:06:28 (0) ** WMIDiag v2.1 started on Friday, February 10, 2012 at 11:06.

.1398 11:06:28 (0) **

.1399 11:06:28 (0) ** Copyright © Microsoft Corporation. All rights reserved - July 2007.

.1400 11:06:28 (0) **

.1401 11:06:28 (0) ** This script is not supported under any Microsoft standard support program or service.

.1402 11:06:28 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all

.1403 11:06:28 (0) ** implied warranties including, without limitation, any implied warranties of merchantability

.1404 11:06:28 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance

.1405 11:06:28 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,

.1406 11:06:28 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for

.1407 11:06:28 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,

.1408 11:06:28 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of

.1409 11:06:28 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised

.1410 11:06:28 (0) ** of the possibility of such damages.

.1411 11:06:28 (0) **

.1412 11:06:28 (0) **

.1413 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1414 11:06:28 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------

.1415 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1416 11:06:28 (0) **

.1417 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1418 11:06:28 (0) ** Windows XP - Service pack 3 - 32-bit (2600) - User 'BRIANHOM-4E079B\BDM' on computer 'BRIANHOM-4E079B'.

.1419 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1420 11:06:28 (0) ** Environment: ........................................................................................................ OK.

.1421 11:06:28 (0) ** There are no missing WMI system files: .............................................................................. OK.

.1422 11:06:28 (0) ** There are no missing WMI repository files: .......................................................................... OK.

.1423 11:06:28 (0) ** WMI repository state: ............................................................................................... NOT TESTED.

.1424 11:06:28 (0) ** AFTER running WMIDiag:

.1425 11:06:28 (0) ** The WMI repository has a size of: ................................................................................... 20 MB.

.1426 11:06:28 (0) ** - Disk free space on 'C:': .......................................................................................... 33928 MB.

.1427 11:06:28 (0) ** - INDEX.BTR, 1220608 bytes, 2/2/2012 5:55:10 PM

.1428 11:06:28 (0) ** - INDEX.MAP, 648 bytes, 2/2/2012 5:55:10 PM

.1429 11:06:28 (0) ** - MAPPING.VER, 4 bytes, 2/2/2012 12:38:53 AM

.1430 11:06:28 (0) ** - MAPPING1.MAP, 10456 bytes, 2/2/2012 5:55:10 PM

.1431 11:06:28 (0) ** - MAPPING2.MAP, 10456 bytes, 2/2/2012 5:54:41 PM

.1432 11:06:28 (0) ** - OBJECTS.DATA, 20004864 bytes, 2/2/2012 12:38:52 AM

.1433 11:06:28 (0) ** - OBJECTS.MAP, 9816 bytes, 2/2/2012 5:55:10 PM

.1434 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1435 11:06:28 (2) !! WARNING: Windows Firewall: .......................................................................................... DISABLED.

.1436 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1437 11:06:28 (2) !! WARNING: DCOM Status: ............................................................................................... WARNING!

.1438 11:06:28 (2) !! WARNING: => The DCOM Default Authentication is NOT set to 'Connect'.

.1439 11:06:28 (0) ** This could prevent WMI to work correctly.

.1440 11:06:28 (0) ** You can fix the DCOM configuration by:

.1441 11:06:28 (0) ** - Executing the 'DCOMCNFG.EXE' command.

.1442 11:06:28 (0) ** - Expanding 'Component Services' and 'Computers' nodes.

.1443 11:06:28 (0) ** - Editing properties of 'My Computer' node.

.1444 11:06:28 (0) ** - Editing the 'Default properties' tab.

.1445 11:06:28 (0) ** - Set the 'Default Authentication level' listbox to 'Connect'.

.1446 11:06:28 (0) ** From the command line, the DCOM configuration can be corrected with the following command:

.1447 11:06:28 (0) ** i.e. 'REG.EXE Add HKLM\SOFTWARE\Microsoft\Ole /v LegacyAuthenticationLevel /t REG_DWORD /d 2 /f'

.1448 11:06:28 (0) **

.1449 11:06:28 (0) ** WMI registry setup: ................................................................................................. OK.

.1450 11:06:28 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!

.1451 11:06:28 (0) ** - Security Center (WSCSVC, StartMode='Automatic')

.1452 11:06:28 (0) ** - Windows Firewall/Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Automatic')

.1453 11:06:28 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.

.1454 11:06:28 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but

.1455 11:06:28 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,

.1456 11:06:28 (0) ** this can prevent the service/application to work as expected.

.1457 11:06:28 (0) **

.1458 11:06:28 (0) ** RPCSS service: ...................................................................................................... OK (Already started).

.1459 11:06:28 (0) ** WINMGMT service: .................................................................................................... OK (Already started).

.1460 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1461 11:06:28 (0) ** WMI service DCOM setup: ............................................................................................. OK.

.1462 11:06:28 (0) ** WMI components DCOM registrations: .................................................................................. OK.

.1463 11:06:28 (0) ** WMI ProgID registrations: ........................................................................................... OK.

.1464 11:06:28 (0) ** WMI provider DCOM registrations: .................................................................................... OK.

.1465 11:06:28 (0) ** WMI provider CIM registrations: ..................................................................................... OK.

.1466 11:06:28 (0) ** WMI provider CLSIDs: ................................................................................................ OK.

.1467 11:06:28 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.

.1468 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1469 11:06:28 (0) ** Overall DCOM security status: ....................................................................................... OK.

.1470 11:06:28 (0) ** Overall WMI security status: ........................................................................................ OK.

.1471 11:06:28 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------

.1472 11:06:28 (0) ** WMI permanent SUBSCRIPTION(S): ...................................................................................... NONE.

.1473 11:06:28 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.

.1474 11:06:28 (1) !! ERROR: WMI ADAP status: ............................................................................................. NOT AVAILABLE.

.1475 11:06:28 (0) ** You can start the WMI AutoDiscovery/AutoPurge (ADAP) process to resynchronize

.1476 11:06:28 (0) ** the performance counters with the WMI performance classes with the following commands:

.1477 11:06:28 (0) ** i.e. 'WINMGMT.EXE /CLEARADAP'

.1478 11:06:28 (0) ** i.e. 'WINMGMT.EXE /RESYNCPERF'

.1479 11:06:28 (0) ** The ADAP process logs informative events in the Windows NT event log.

.1480 11:06:28 (0) ** More information can be found on MSDN at:

.1481 11:06:28 (0) ** http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_adap_event_log_events.asp

.1482 11:06:28 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 1 ERROR(S)!

.1483 11:06:28 (0) ** - Root, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.

.1484 11:06:28 (0) **

.1485 11:06:28 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 5 ERROR(S)!

.1486 11:06:28 (0) ** - Root, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.

.1487 11:06:28 (0) ** - Root, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.

.1488 11:06:28 (0) ** - Root/Default, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.

.1489 11:06:28 (0) ** - Root/CIMv2, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.

.1490 11:06:28 (0) ** - Root/WMI, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.

.1491 11:06:28 (0) **

.1492 11:06:28 (0) ** WMI GET operations: ................................................................................................. OK.

.1493 11:06:28 (0) ** WMI MOF representations: ............................................................................................ OK.

.1494 11:06:28 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.

.1495 11:06:28 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.

.1496 11:06:28 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.

.1497 11:06:28 (0) ** WMI GET VALUE operations: ........................................................................................... OK.

.1498 11:06:28 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.

.1499 11:06:28 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.

.1500 11:06:28 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.

.1501 11:06:28 (0) ** WMI static instances retrieved: ..................................................................................... 0.

.1502 11:06:28 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.

.1503 11:06:28 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.

.1504 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1505 11:06:28 (0) **

.1506 11:06:28 (0) ** 6 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found

.1507 11:06:28 (0) ** => This error is typically a WMI error. This WMI error is due to:

.1508 11:06:28 (0) ** - a missing WMI class definition or object.

.1509 11:06:28 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).

.1510 11:06:28 (0) ** You can correct the missing class definitions by:

.1511 11:06:28 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.

.1512 11:06:28 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.

.1513 11:06:28 (0) ** (This list can be built on a similar and working WMI Windows installation)

.1514 11:06:28 (0) ** The following command line must be used:

.1515 11:06:28 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'

.1516 11:06:28 (0) ** - a WMI repository corruption.

.1517 11:06:28 (0) ** Under Windows XP SP2 and SP3, you can validate the repository consistency

.1518 11:06:28 (0) ** by executing the following command:

.1519 11:06:28 (0) ** i.e. 'WMIDiag CheckConsistency'

.1520 11:06:28 (0) ** Note: Under Windows XP SP2 and SP3, when the repository is checked and detected INCONSISTENT,

.1521 11:06:28 (0) ** a new repository is automatically re-created based on Auto-Recovery mechanism.

.1522 11:06:28 (0) ** Note that some information can be lost during this process (i.e. static data, CIM registration).

.1523 11:06:28 (0) ** However, the original repository is located at 'C:\WINDOWS\SYSTEM32\WBEM\Repository.001'.

.1524 11:06:28 (0) ** The computer must be rebooted for the system to work with the re-created repository.

.1525 11:06:28 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,

.1526 11:06:28 (0) ** otherwise some applications may fail after the reconstruction.

.1527 11:06:28 (0) ** This can be achieved with the following command:

.1528 11:06:28 (0) ** i.e. 'WMIDiag ShowMOFErrors'

.1529 11:06:28 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing

.1530 11:06:28 (0) ** ALL fixes previously mentioned.

.1531 11:06:28 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)

.1532 11:06:28 (0) **

.1533 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1534 11:06:28 (0) ** WMI Registry key setup: ............................................................................................. OK.

.1535 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1536 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1537 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1538 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1539 11:06:28 (0) **

.1540 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1541 11:06:28 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------

.1542 11:06:28 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

.1543 11:06:28 (0) **

.1544 11:06:28 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\BDM\LOCAL SETTINGS\TEMP\WMIDIAG-V2.1_XP___.CLI.SP3.32_BRIANHOM-4E079B_2012.02.10_11.06.15.LOG' for details.

.1545 11:06:28 (0) **

.1546 11:06:28 (0) ** WMIDiag v2.1 ended on Friday, February 10, 2012 at 11:06 (W:52 E:15 S:1).


Thanks :)

I also get this warning so I think that is nothing to worry about.

Please press the Windows key + R and Copy/Paste the following single-line command into the Run box and click OK

REG Add HKLM\SOFTWARE\Microsoft\Ole /v LegacyAuthenticationLevel /t REG_DWORD /d 2 /f

Reboot your Computer

Please launch DDS

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop and post both in your next reply

Please post in your next reply

dds.txt

attach.txt


done...reports are below

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by bdm at 13:41:58 on 2012-02-10

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://cincymls.net/

mStart Page = hxxp://home.sweetim.com/?crg=4.0003002

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\ztinternetsecurity\nrs\iescript\baselitmus.dll

TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\ztinternetsecurity\nrs\iescript\baselitmus.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll

uRun: [backblaze] "c:\program files\backblaze\bzbui.exe" -quiet

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [F-Secure Manager] "c:\program files\ztinternetsecurity\common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "c:\program files\ztinternetsecurity\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

dRun: [backblaze] "c:\program files\backblaze\bzbui.exe" -quiet

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hplase~1.lnk - c:\jetsuite\JETSTAT.EXE

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: c:\program files\ztinternetsecurity\fsps\program\FSLSP.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.200.1

TCP: Interfaces\{5339B1B0-5718-40BA-8267-43F5516AA1AB} : DhcpNameServer = 192.168.200.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-02-05 00:48:42 98816 ----a-w- c:\windows\sed.exe

2012-02-05 00:48:42 518144 ----a-w- c:\windows\SWREG.exe

2012-02-05 00:48:42 256000 ----a-w- c:\windows\PEV.exe

2012-02-05 00:48:42 208896 ----a-w- c:\windows\MBR.exe

2012-02-03 23:16:43 -------- d-sha-r- C:\cmdcons

2012-02-03 00:17:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-02 22:41:27 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-02-02 22:41:27 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-01 15:15:15 -------- d-----w- c:\windows\tmp

2012-01-31 08:16:38 -------- d-----w- C:\USMT2.UNC

2012-01-27 00:13:34 -------- d-----w- c:\documents and settings\bdm\application data\Nuance

2012-01-27 00:12:52 -------- d-----w- c:\documents and settings\bdm\application data\FLEXnet

2012-01-27 00:05:53 -------- d-----w- c:\program files\Nuance

2012-01-27 00:05:53 -------- d-----w- c:\documents and settings\all users\application data\Nuance

2012-01-26 22:47:19 -------- d-----w- c:\program files\Skype

2012-01-26 15:57:32 4576330 ----a-w- C:\WMIDiag.vbs

2012-01-16 13:27:03 -------- d-----w- c:\program files\common files\PCSuite

2012-01-16 13:26:19 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2012-01-16 13:26:09 -------- d-----w- c:\program files\PC Connectivity Solution

2012-01-16 13:25:38 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2012-01-16 13:25:37 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2012-01-16 13:25:36 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2012-01-16 13:25:35 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

.

==================== Find3M ====================

.

2012-01-13 13:42:49 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-01-13 13:29:15 80080 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2012-01-06 00:13:52 48128 ----a-w- c:\windows\system32\drivers\SiSRaid.sys

2012-01-06 00:13:51 135168 ----a-w- c:\windows\system32\property.dll

2012-01-06 00:02:50 32768 ----a-w- c:\windows\system32\drivers\sisnicxp.sys

2012-01-05 23:33:12 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-01-05 23:33:12 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-01-05 23:33:05 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-12-29 16:06:12 106496 ----a-w- c:\windows\system32\ATL71.DLL

2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll

2004-10-01 19:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

============= FINISH: 13:42:13.34 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

100% Free Euchre 7.40

1500

1500_Help

1500Trb

Acrobat.com

Adobe Acrobat 5.0

Adobe AIR

Adobe Reader X (10.0.1)

AFPL Ghostscript Fonts

AiO_Scan

AiOSoftware

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

Audacity 1.2.6

AutoUpdate

Backblaze

BlackBerry Desktop Software 6.1

BufferChm

Compatibility Pack for the 2007 Office system

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

Critical Update for Windows Media Player 11 (KB959772)

Delete Duplicate Files 2.9

Destinations

Device Doctor v2.1

DeviceManagementQFolder

DivX

DocProc

DVD Show

DVD Solution

eSupportQFolder

F-Secure PSC Prerequisites

Fax

File Type Assistant

GdiplusUpgrade

getPlus®_ocx

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Google Web Accelerator

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format SDK (KB902344)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Imaging Device Functions 5.3

HP Photosmart Essential

HP PSC & OfficeJet 5.3.B

HP Software Update

HP Solution Center & Imaging Support Tools 5.3

HPProductAssistant

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 7

J2SE Runtime Environment 5.0 Update 9

Java Auto Updater

Java 6 Update 2

Java 6 Update 29

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

JetSuite Pro for the HP LaserJet 3150

LG ODD Auto Firmware Update

LightScribe 1.4.74.1

Linksys EasyLink Advisor 1.5 (1044)

Lizardtech DjVu Control (autoinstall)

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Default Manager

Microsoft IntelliPoint 5.2

Microsoft IntelliType Pro 5.2

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Outlook Personal Folders Backup

Microsoft Silverlight

Microsoft UI Engine

Microsoft User-Mode Driver Framework Feature Pack 1.9

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC100_CRT_SP1_x86

MozyHome Remote Backup

MSVC80_x86_v2

MSVC90_x86

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB925673)

Multimedia Launcher

NewCopy

Nikon Message Center 2

Nitro PDF Professional

Nokia Connectivity Cable Driver

Nokia PC Internet Access

Nokia PC Suite

Nokia Suite

NVIDIA Control Panel 285.58

NVIDIA Graphics Driver 285.58

NVIDIA Install Application

office Convert Pdf to Jpg Jpeg Tiff Free 6.4

OGA Notifier 2.0.0048.0

Olympus Digital Wave Player

OpenOffice.org Installer 1.0

PC Connectivity Solution

Picasa 3

Picture Control Utility

PictureProject

PictureProject In Touch Downloader 1.0

PowerDVD

PowerProducer

ProductContext

Quicken 2009

QuickTime

Readme

RealPlayer

Realtek AC'97 Audio

Revo Uninstaller 1.75

Scan

ScannerCopy

SCRABBLE

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2124261)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2290570)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB913433)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB970483)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SiS 900 PCI Fast Ethernet Adapter Driver

SolutionCenter

Status

System Requirements Lab

Total Annihilation

TrayApp

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

ViewNX 2

WebEx

WebEx Support Manager for Internet Explorer

WebFldrs XP

WebReg

Windows Driver Package - Nokia Modem (02/25/2011 4.7)

Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live ID Sign-in Assistant

Windows Media Connect

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 11

Windows Presentation Foundation

Windows Rights Management Client Backwards Compatibility SP2

Windows Rights Management Client with Service Pack 2

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

ZoomTown Internet Security

ZoomTown Software

.

==== End Of File ===========================

Hi there,

I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment 6 Update 30 and save it to your desktop.
  • Scroll down to where it says Java SE 6 Update 30
  • Click the red Download JRE button on the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u30-windows-i586 to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Make sure all are checked
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

There is a newer version of Adobe Acrobat Reader available.

  • Please go to this link Adobe Acrobat Reader Download Link
  • Untick Free McAfee® Security Scan Plus if you do not wish to include this in the installation.
  • Click Download
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • When the scan completes, push [button image: esetListThreats.png]
  • Push [button image: esetExport.png], and save the file to your desktop using a unique name.
  • Push the Back button.
  • Push Finish

Please post this logfile in your next reply

Please post in your next reply

MBAM Log

ESET Log

Note any open issues

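The "Your Java is out of date" call in the reply above is read off the Installed Programs section of a DDS log. As an added example (not part of the original thread and not DDS's own code), this Python sketch pulls that section out of a log and flags JRE entries older than Java 6 Update 30; the display-name pattern is an assumption about how JRE installers label themselves in Add/Remove Programs, and the sample log is constructed.

```python
import re

BASELINE = (6, 30)  # Java 6 Update 30, the version named in the post above

# Assumed Add/Remove Programs display names for Sun/Oracle JREs, e.g.
# "Java(TM) 6 Update 20" or "J2SE Runtime Environment 5.0 Update 11".
JAVA_RE = re.compile(
    r"^(?:Java(?:\(TM\))?(?: SE Runtime Environment)?|J2SE Runtime Environment)"
    r" (?P<major>\d+)(?:\.0)?(?: Update (?P<update>\d+))?$"
)

def installed_programs(dds_text):
    """Return the entries listed under the DDS 'Installed Programs' header."""
    entries, in_section = [], False
    for raw in dds_text.splitlines():
        line = raw.strip()
        if line.startswith("===="):          # every DDS section header
            in_section = "Installed Programs" in line
            continue
        if in_section and line and line != ".":   # skip blanks and "." filler
            entries.append(line)
    return entries

def outdated_java(dds_text, baseline=BASELINE):
    """List (name, (major, update)) for each JRE entry older than baseline."""
    stale = []
    for name in installed_programs(dds_text):
        m = JAVA_RE.match(name)
        if m:
            version = (int(m["major"]), int(m["update"] or 0))
            if version < baseline:
                stale.append((name, version))
    return stale

# Constructed sample in the layout of a DDS Attach.txt (not the poster's log).
SAMPLE = """\
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Reader X (10.0.1)
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 20
Java(TM) 6 Update 30
JavaScript Helper Tool
Google Chrome
.
==== End Of File ===========================
"""

if __name__ == "__main__":
    for name, version in outdated_java(SAMPLE):
        print("remove before updating:", name)
```
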

Hello....I did not realize there was a 2nd page and for some reason I do not get emails when there are updates:

1) ran malwarebytes log below

2) removed old java and installed new java

3) installed adobe acrobat reader...could not remove "adobe reader x(10.0.1)"

4) ran online scanner log below...it found some issues...before I started with you I tried to uninstall the "bundlesweet" program but was unable to do so.

5) shield is still there and it does not recognize my antivirus software and my windows firewall keeps turning off every time I reboot or turn off and then turn on my antivirus software (I do not click on shield but just read the bubble telling me my computer might be at risk)

Thank you for your help!!

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.13.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

bdm :: BRIANHOM-4E079B [administrator]

2/13/2012 12:34:46 PM

mbam-log-2012-02-13 (12-34-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198053

Time elapsed: 10 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

C:\Documents and Settings\bdm\My Documents\Downloads\SoftonicDownloader_for_atf-cleaner.exe Win32/SoftonicDownloader.C application

C:\Documents and Settings\bdm\My Documents\Downloads\SweetImSetup (1).exe a variant of Win32/SweetIM.B application

C:\Documents and Settings\bdm\My Documents\Downloads\SweetIMSetup.exe a variant of Win32/SweetIM.B application

Hi there,

You do not need to enable the Windows FW. Your F-Secure includes a FW and may not allow you to enable the Windows FW.

In some cases, Windows does not notice you have an AVP installed and keeps popping up with this error message.

Open up your control panel, and then open the Security Center icon.

On the left hand side of the security center window, you will see a resources section. Click the bottom link, “Change the way Security Center alerts me”

This should disable this pop-up.
