
svchost.exe trojan found...



Malware found svchost.exe trojan... the machine is going so slow I want to throw it out the window... mostly the keyboard and mouse.

Thanks for the help, btw...

dds

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Run by Strider at 22:10:26 on 2012-07-31

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.1995 [GMT -5:00]

.

AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\afwServ.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\apache\xampp\apache\bin\httpd.exe

C:\WINDOWS\system32\ASWLSVC.exe

C:\WINDOWS\system32\ASWL2K.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\apache\xampp\mysql\bin\mysqld.exe

C:\Program Files\yaTimer\Updates\AutoUpdateService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\program files\subversion\bin\svnserve.exe

C:\apache\xampp\apache\bin\httpd.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\WordWeb\wweb32.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Quicknote\quicknote.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [Quicknote] c:\program files\quicknote\quicknote.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe

mRun: [PC Pitstop PC Matic Reminder] c:\program files\pcpitstop\pc matic\Reminder-PCMatic.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: &Download with BitKinex - c:\program files\bitkinex\ieext_cp.htm

IE: &Register in BitKinex - c:\program files\bitkinex\ieext_reg.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - c:\program files\drmbuster\YouTubeRipper.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB

DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{317F4B59-F8A8-44B0-BAAE-BDA3A40FCB17} : DhcpNameServer = 10.59.1.1

TCP: Interfaces\{818D37DF-E1D5-48F5-A336-6D37FF271BD0} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8B248777-1A18-4AC3-89A7-765756AB2DFF} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{C6FE3F07-96E9-42A0-94C1-C68B92F2F061} : NameServer = 8.8.8.8,8.8.4.4

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\strider\application data\mozilla\firefox\profiles\stm7ht9n.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112050&babsrc=KW_ss&mntrId=8878c1b40000000000007071bca92549&q=

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\documents and settings\strider\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\documents and settings\strider\application data\mozilla\firefox\profiles\stm7ht9n.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\opera1010\program\plugins\np_gp.dll

FF - plugin: c:\program files\opera1010\program\plugins\npdsplay.dll

FF - plugin: c:\program files\opera1010\program\plugins\NPOFFICE.DLL

FF - plugin: c:\program files\opera1010\program\plugins\NPOFFICE.DLL

FF - plugin: c:\program files\opera1010\program\plugins\npqtplugin.dll

FF - plugin: c:\program files\opera1010\program\plugins\npqtplugin2.dll

FF - plugin: c:\program files\opera1010\program\plugins\npqtplugin3.dll

FF - plugin: c:\program files\opera1010\program\plugins\npqtplugin4.dll

FF - plugin: c:\program files\opera1010\program\plugins\npqtplugin5.dll

FF - plugin: c:\program files\opera1010\program\plugins\npqtplugin6.dll

FF - plugin: c:\program files\opera1010\program\plugins\npqtplugin7.dll

FF - plugin: c:\program files\opera1010\program\plugins\NPSWF32.dll

FF - plugin: c:\program files\opera1010\program\plugins\npwmsdrm.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

FF - Ext: Better JTV: {1fc895a6-2042-46ec-a61b-233165b4c218} - %profile%\extensions\{1fc895a6-2042-46ec-a61b-233165b4c218}

FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\fiddler2\FiddlerHook

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\strider\application data\Move Networks

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.id - 8878c1b40000000000007071bca92549

FF - user.js: extensions.BabylonToolbar_i.hardId - 8878c1b40000000000007071bca92549

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15534

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:55:09

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112050

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-1-31 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-1-31 202928]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-1-31 113776]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-2-25 18544]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-11-18 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-11-21 353688]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-11-23 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 67656]

R2 Apache2.2;Apache2.2;c:\apache\xampp\apache\bin\httpd.exe [2009-11-21 24640]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-21 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-18 44808]

R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2012-1-31 133912]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-2 655944]

R2 NBDUpdate;NBD Tech Auto Update;c:\program files\yatimer\updates\AutoUpdateService.exe [2012-7-12 6144]

R2 svn;Subversion Server;c:\program files\subversion\bin\svnserve.exe [2012-5-14 114768]

R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]

R3 DbusAudio;DbusAudio;c:\windows\system32\drivers\DbusAudio.sys [2011-5-5 23608]

R3 DbusVideo;DbusVideo;c:\windows\system32\drivers\DbusVideo.sys [2011-5-5 5688]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-2 22344]

R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2011-1-6 1323040]

R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [2009-12-2 31872]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2009-11-30 17792]

R4 KProcessHacker2;KProcessHacker2;c:\program files\process hacker 2\kprocesshacker.sys [2012-7-12 33352]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-25 136176]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]

S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [2011-6-23 1068216]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250056]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-21 1684736]

S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]

S3 GT680xNT;Visioneer OneTouch 7300 Driver;c:\windows\system32\drivers\Gt680x.sys [2011-8-12 17376]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-25 136176]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]

S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2012-7-30 91848]

S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-2-5 709248]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 12872]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-3-27 23064]

S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys [2011-6-30 1449536]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 actiTIME;actiTIME Server;c:\program files\actitime\actitime_access.exe startasservice --> c:\program files\actitime\actitime_access.exe startAsService [?]

S4 BitKinex;BitKinex File Transfer Service;c:\program files\bitkinex\bitkinexsvc.exe dispatch --> c:\program files\bitkinex\bitkinexsvc.exe DISPATCH [?]

S4 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-11-21 68136]

S4 GSService;GSService;c:\windows\system32\GSService.exe [2011-5-5 745472]

S4 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840]

S4 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2011-5-5 243712]

.

=============== Created Last 30 ================

.

2012-07-30 15:24:02 -------- d-----w- c:\program files\PCPitstop

2012-07-29 04:02:33 -------- d-----w- c:\documents and settings\strider\local settings\application data\SecondLife

2012-07-29 04:01:55 -------- d-----w- c:\program files\SecondLifeViewer

2012-07-16 17:26:41 -------- d-----w- c:\documents and settings\strider\local settings\application data\TSVNCache

2012-07-16 17:21:01 -------- d-----w- c:\documents and settings\strider\application data\TortoiseSVN

2012-07-16 17:20:30 -------- d-----w- c:\documents and settings\strider\application data\Subversion

2012-07-16 17:20:08 -------- d-----w- c:\program files\TortoiseSVN

2012-07-16 17:20:08 -------- d-----w- c:\program files\common files\TortoiseOverlays

2012-07-16 16:53:31 -------- d-----w- c:\program files\Subversion

2012-07-13 03:55:04 -------- d-----w- c:\documents and settings\strider\application data\Babylon

2012-07-13 03:55:04 -------- d-----w- c:\documents and settings\all users\application data\Babylon

2012-07-12 20:42:58 -------- d-----w- c:\documents and settings\strider\application data\Process Hacker 2

2012-07-12 20:17:59 -------- d-----w- c:\program files\Process Hacker 2

2012-07-12 20:00:52 -------- d-----w- c:\documents and settings\strider\application data\NBD Tech

2012-07-12 20:00:32 -------- d-----w- c:\program files\yaTimer

.

==================== Find3M ====================

.

2012-07-27 11:02:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-27 11:02:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21:53 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2012-07-03 16:21:53 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2012-07-03 16:21:52 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys

2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr

2012-06-25 21:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec

2012-05-10 01:20:34 68275 ----a-w- c:\windows\IIF Transaction Creator Uninstaller.exe

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

============= FINISH: 22:11:21.85 ===============

attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/20/2009 11:15:41 PM

System Uptime: 7/30/2012 10:57:12 PM (24 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GM-US2H

Processor: AMD Athlon II X2 240 Processor | Socket M2 | 2812/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 33.939 GiB free.

D: is FIXED (NTFS) - 118 GiB total, 28.432 GiB free.

E: is FIXED (NTFS) - 118 GiB total, 7.476 GiB free.

F: is FIXED (NTFS) - 117 GiB total, 5.359 GiB free.

G: is FIXED (NTFS) - 113 GiB total, 11.849 GiB free.

H: is FIXED (NTFS) - 149 GiB total, 4.502 GiB free.

I: is CDROM ()

J: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP916: 5/20/2012 9:01:32 PM - System Checkpoint

RP917: 5/21/2012 9:32:58 PM - System Checkpoint

RP918: 5/22/2012 9:34:04 PM - System Checkpoint

RP919: 5/23/2012 9:52:31 PM - System Checkpoint

RP920: 5/25/2012 12:35:00 PM - System Checkpoint

RP921: 5/26/2012 1:04:49 PM - System Checkpoint

RP922: 5/27/2012 2:06:48 PM - System Checkpoint

RP923: 5/28/2012 3:03:06 PM - System Checkpoint

RP924: 5/29/2012 4:03:05 PM - System Checkpoint

RP925: 5/30/2012 5:44:49 PM - System Checkpoint

RP926: 5/31/2012 6:36:13 PM - System Checkpoint

RP927: 6/1/2012 7:11:05 PM - System Checkpoint

RP928: 6/2/2012 8:09:59 PM - System Checkpoint

RP929: 6/3/2012 8:43:51 PM - System Checkpoint

RP930: 6/4/2012 9:31:18 PM - System Checkpoint

RP931: 6/5/2012 6:00:16 AM - Software Distribution Service 3.0

RP932: 6/6/2012 6:27:29 AM - System Checkpoint

RP933: 6/7/2012 6:54:58 AM - System Checkpoint

RP934: 6/8/2012 7:12:43 AM - System Checkpoint

RP935: 6/9/2012 7:51:12 AM - System Checkpoint

RP936: 6/10/2012 8:03:02 AM - System Checkpoint

RP937: 6/11/2012 8:25:05 AM - System Checkpoint

RP938: 6/12/2012 8:25:54 AM - System Checkpoint

RP939: 6/13/2012 9:28:33 AM - System Checkpoint

RP940: 6/14/2012 6:00:18 AM - Software Distribution Service 3.0

RP941: 6/15/2012 6:25:13 AM - System Checkpoint

RP942: 6/16/2012 7:23:18 AM - System Checkpoint

RP943: 6/17/2012 7:50:29 AM - System Checkpoint

RP944: 6/18/2012 12:07:15 PM - System Checkpoint

RP945: 6/19/2012 1:31:24 PM - System Checkpoint

RP946: 6/20/2012 6:58:20 PM - System Checkpoint

RP947: 6/21/2012 7:50:45 PM - System Checkpoint

RP948: 6/22/2012 7:51:46 PM - System Checkpoint

RP949: 6/23/2012 8:15:30 PM - System Checkpoint

RP950: 6/24/2012 9:29:04 PM - System Checkpoint

RP951: 6/26/2012 1:02:44 AM - System Checkpoint

RP952: 6/27/2012 1:47:19 AM - System Checkpoint

RP953: 6/28/2012 2:47:19 AM - System Checkpoint

RP954: 6/29/2012 2:48:40 AM - System Checkpoint

RP955: 6/30/2012 3:10:30 AM - System Checkpoint

RP956: 7/1/2012 3:47:32 AM - System Checkpoint

RP957: 7/2/2012 3:54:51 AM - System Checkpoint

RP958: 7/3/2012 4:06:12 AM - System Checkpoint

RP959: 7/4/2012 4:52:18 AM - System Checkpoint

RP960: 7/5/2012 5:52:18 AM - System Checkpoint

RP961: 7/6/2012 6:52:19 AM - System Checkpoint

RP962: 7/7/2012 7:22:09 AM - System Checkpoint

RP963: 7/8/2012 8:22:10 AM - System Checkpoint

RP964: 7/9/2012 9:58:40 AM - System Checkpoint

RP965: 7/10/2012 11:27:26 AM - System Checkpoint

RP966: 7/11/2012 6:00:19 AM - Software Distribution Service 3.0

RP967: 7/12/2012 6:57:33 AM - System Checkpoint

RP968: 7/13/2012 7:35:49 AM - System Checkpoint

RP969: 7/14/2012 12:29:13 AM - Removed BabylonObjectInstaller

RP970: 7/14/2012 12:34:09 AM - Removed Skype Click to Call

RP971: 7/15/2012 2:10:02 AM - System Checkpoint

RP972: 7/16/2012 2:24:11 AM - System Checkpoint

RP973: 7/16/2012 11:53:30 AM - Installed Subversion

RP974: 7/16/2012 12:20:07 PM - Installed TortoiseSVN 1.7.7.22907 (32 bit)

RP975: 7/17/2012 12:56:19 PM - System Checkpoint

RP976: 7/18/2012 12:58:11 PM - System Checkpoint

RP977: 7/19/2012 1:58:42 PM - System Checkpoint

RP978: 7/20/2012 2:11:06 PM - System Checkpoint

RP979: 7/21/2012 3:03:29 PM - System Checkpoint

RP980: 7/22/2012 3:17:43 PM - System Checkpoint

RP981: 7/23/2012 3:23:51 PM - System Checkpoint

RP982: 7/24/2012 5:12:29 PM - System Checkpoint

RP983: 7/25/2012 5:43:22 PM - System Checkpoint

RP984: 7/26/2012 5:51:22 PM - System Checkpoint

RP985: 7/27/2012 7:16:11 PM - System Checkpoint

RP986: 7/28/2012 8:12:47 PM - System Checkpoint

RP987: 7/29/2012 8:27:32 PM - System Checkpoint

RP988: 7/30/2012 9:09:18 PM - System Checkpoint

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

4200

4200_Help

4200Tour

4200Trb

7-Zip 4.65

Acrobat.com

actiTIME 3.0 with Management and Accounting Extensions (Trial)

Activity and Authentication Analyzer, 1.64

Adobe AIR

Adobe Flash Media Live Encoder 3

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop 7.0

Adobe Reader X (10.1.0)

AiO_Scan

AiOSoftware

AllNetic Working Time Tracker

Amazon Unbox Video

AMD Processor Driver

Any DVD Converter Professional 4.0.7

Any Video Converter 2.7.3

Apple Application Support

Apple Software Update

ArcSoft VideoImpression 2

ArcSoft WebCam Companion 2

Ashampoo Burning Studio 6 FREE v.6.80

ASUS WLAN Card Utilities/Driver

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

ATI Parental Control & Encoder

Audacity 1.3.12 (Unicode)

avast! Internet Security

AVS Update Manager 1.0

AVS Video Converter 6

AVS Video Editor 4 4.2.1.166

AVS Video Recorder 2.4 (Service Version)

AVS YouTube Uploader version 2.1

AVS4YOU Software Navigator 1.3

BitKinex

bitRipper

BitTorrent

BRC IIF Transaction Creator

BufferChm

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Localization All

CATraxx

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco Network Magic

Cisco WebEx Meetings

Cole2k Media - Codec Pack (Advanced) 7.9.1

Compatibility Pack for the 2007 Office system

Copy

CreativeProjects

CreativeProjectsTemplates

CSDiff

CueTour

DebugMode Wax 2.0

Destinations

Director

Directory Lister Pro v1.41

DivX Setup

DocProc

DocumentViewer

DRMBuster 4.2.1

DVD Decrypter (Remove Only)

DVD Shrink 3.2

DVDFab 8.0.7.3 (29/01/2011)

EasySaver B9.0904.1

FastStone Image Viewer 4.2

Fax

FFmpeg for Audacity on Windows

Fiddler2

Flock (2.5.6)

FTP Commander Pro 8.03

FTPEditor 4.0

GIMP 2.6.11

GNU Privacy Guard

GnuCash 2.2.9

Google Earth Plug-in

Google Update Helper

HAPquery

Hot CPU Tester Pro 4.4.1

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format 11 SDK (KB939209)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

HP Diagnostic Assistant

HP Image Zone 4.2

HP Photosmart 5510 series Basic Device Software

HP Photosmart C4400 All-In-One Driver 11.0 Rel .3

HP PSC & OfficeJet 4.2

HP Software Update

HPSystemDiagnostics

Icon Suite 2.1.12

ImageMagick 6.6.0-1 Q16 (2010-03-15)

InstantShare

InterActual Player

Java Auto Updater

Java 6 Update 20

K-Lite Codec Pack 5.5.1 (Full)

LAME v3.98.2 for Audacity

Linksys Wireless Manager

Macromedia Contribute 3.11

Macromedia Dreamweaver 8

Macromedia Extension Manager

Macromedia Fireworks 8

Macromedia Flash 8

Macromedia Flash 8 Video Encoder

Magic ISO Maker v5.5 (build 0281)

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Network Monitor 3.4

Microsoft Network Monitor: NetworkMonitor Parsers 3.4

Microsoft Office 2003 Primary Interop Assemblies

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio 2005 Tools for Office Runtime

Move Media Player

Moyea Flash Video MX Pro Version: 5.0.9.0

Mozilla Firefox (3.6.13)

Mozilla Sunbird (0.9)

Mozilla Thunderbird 14.0 (x86 en-US)

MSI to redistribute MS VS2005 CRT libraries

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

MySQL Connector/ODBC 5.1

Network Magic

Notepad++

Opera 10.10

Overland

Pamela Basic 4.6

PC Matic 1.1.0.48

PC Pitstop Info Center 1.0.0.13

PDFCreator

PhotoGallery

PokerStars.net

PrintScreen

Process Hacker 2.28 (r5073)

ProductContext

PS_AIO_03_C4400_Software_Min

PSPad editor

PST-Timesheet ver 4.1

Pure Networks Platform

PuTTY version 0.60

QFolder

QuickBooks

QuickBooks Premier: Professional Services Edition 2011

Quicknote 4.6

QuickProjects

QuickTime

Readme

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

RedNotebook 1.0.0

Replay Media Catcher 4

Safari

Scan

SecondLifeViewer (remove only)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

SEO PowerSuite

SimCity 4 Deluxe

Skins

SkinsHP1

Skype™ 5.10

SMAC 2.0

SpeedFan (remove only)

SQLite ODBC Driver (remove only)

Subversion

Super Webcam

SUPERAntiSpyware Free Edition

The Font Thing

The KMPlayer (remove only)

The Sims Deluxe Edition

Toolbox

TortoiseSVN 1.7.7.22907 (32 bit)

Total Commander (Remove or Repair)

TrayApp

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.4053

Video Fixer 3.23

VLC media player 1.1.10

WebFldrs XP

WebReg

Winamp

Winamp Detector Plug-in

Winamp Essentials Pack

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Encoder 9 Series

Windows Media Encoder 9 Series SDK

Windows Media Format 11 runtime

Windows Media Player 11

WinPcap 4.1.2

Wireshark 1.6.0

WordWeb

yaTimer 2.8

.

==== Event Viewer Messages From Past Week ========

.

7/30/2012 11:51:35 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

7/30/2012 10:53:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Subversion Server service to connect.

7/30/2012 10:53:43 AM, error: Service Control Manager [7000] - The Subversion Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/25/2012 6:48:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pure Networks Platform Service service to connect.

7/25/2012 6:48:53 PM, error: Service Control Manager [7000] - The WebcamMax, WDM Video Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

7/25/2012 6:48:53 PM, error: Service Control Manager [7000] - The Pure Networks Platform Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/25/2012 6:46:06 PM, error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error 1 (0x1).

.

==== End Of File ===========================

Welcome to the forum.

Before we proceed further, please uninstall or disable BitTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwar...showtopic=97700

----------------------------------------

Then........

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

(Babylon)

Here is the report.

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Strider [Admin rights]

Mode: Scan -- Date: 08/01/2012 08:53:29

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[PROXY FF] stm7ht9n.default\ :0 -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)

IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)

IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)

IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)

IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)

IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 www.testphp.home

127.0.0.1 www.fyrcat.home

127.0.0.1 www.rpd.home

127.0.0.1 www.superwebcam.com

127.0.0.1 www.boonex.home

127.0.0.1 www.retc.home

127.0.0.1 www.retc-web.home

127.0.0.1 www.fyrmp3.home

127.0.0.1 www.aquavie.home

127.0.0.1 www.timetracker.home

127.0.0.1 www.dotproject.home

127.0.0.1 www.temp.home

127.0.0.1 www.fyrweb.home

127.0.0.1 www.mom.home

127.0.0.1 www.daysinn.home

127.0.0.1 www.invdaysinn.home

127.0.0.1 www.sos.home

127.0.0.1 www.buddy.home

127.0.0.1 www.phpc.home

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-60M0A0 +++++

--- User ---

[MBR] 48398d789eb5070c6cbf54758f9b6c09

[BSP] d19c2b90ecbdf10275d2d9417c96daa3 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152233 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 311773455 | Size: 153009 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000AACS-00G8B1 +++++

--- User ---

[MBR] 09ecb7d6af3a7c1d48a40ad1007f7f77

[BSP] eac257a8c643506f0e44334dc609b731 : Standard MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 120911 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 247625910 | Size: 356026 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large; in that case, please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

The ERUNT link had database errors on their site, so I got it from http://www.bleepingcomputer.com/download/erunt/dl/96/ ... I downloaded a couple of other things from this site today... I don't know if it is a good site or not, but some of the other sites that had it listed I don't trust that much...

I attached the TDSSKiller file.

TDSSKiller.2.7.48.0_01.08.2012_09.27.29_log.zip

That was a good site; the others are down right now...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this web page for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

OK, I did the ComboFix... I think it errored out the first time I ran it, so I ran it again. The following is the results file:

ComboFix 12-07-31.03 - Strider 08/01/2012 10:28:14.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2037 [GMT -5:00]

Running from: c:\documents and settings\Strider\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Strider\Application Data\mIRC\logs\status.log

c:\documents and settings\Strider\Recent\access.cnf

c:\documents and settings\Strider\Recent\botinfs.cnf

c:\documents and settings\Strider\Recent\bots.cnf

c:\documents and settings\Strider\Recent\service.cnf

c:\documents and settings\Strider\Recent\services (2).cnf

c:\documents and settings\Strider\Recent\services.cnf

c:\documents and settings\Strider\Recent\svcacl.cnf

c:\documents and settings\Strider\WINDOWS

C:\Documents

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\SwSys1.bmp

c:\windows\SwSys2.bmp

c:\windows\system32\drivers\wdreg.exe

c:\windows\system32\SET19A.tmp

c:\windows\system32\SET7CE.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\system32\zip32.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))

.

.

2012-08-01 14:25 . 2012-08-01 14:26 -------- d-----w- c:\program files\ERUNT

2012-07-30 15:24 . 2012-07-30 15:24 -------- d-----w- c:\program files\PCPitstop

2012-07-29 04:02 . 2012-07-29 04:05 -------- d-----w- c:\documents and settings\Strider\Application Data\SecondLife

2012-07-29 04:02 . 2012-07-30 02:26 -------- d-----w- c:\documents and settings\Strider\Local Settings\Application Data\SecondLife

2012-07-29 04:01 . 2012-07-29 04:02 -------- d-----w- c:\program files\SecondLifeViewer

2012-07-16 17:26 . 2012-07-31 04:01 -------- d-----w- c:\documents and settings\Strider\Local Settings\Application Data\TSVNCache

2012-07-16 17:21 . 2012-07-16 17:21 -------- d-----w- c:\documents and settings\Strider\Application Data\TortoiseSVN

2012-07-16 17:20 . 2012-07-16 17:20 -------- d-----w- c:\documents and settings\Strider\Application Data\Subversion

2012-07-16 17:20 . 2012-07-16 17:20 -------- d-----w- c:\program files\TortoiseSVN

2012-07-16 17:20 . 2012-07-16 17:20 -------- d-----w- c:\program files\Common Files\TortoiseOverlays

2012-07-16 16:53 . 2012-07-16 16:53 -------- d-----w- c:\program files\Subversion

2012-07-13 03:55 . 2012-07-13 03:55 237 ----a-w- C:\user.js

2012-07-13 03:55 . 2012-07-13 03:55 -------- d-----w- c:\documents and settings\Strider\Application Data\Babylon

2012-07-13 03:55 . 2012-07-13 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

2012-07-12 20:42 . 2012-07-31 23:03 -------- d-----w- c:\documents and settings\Strider\Application Data\Process Hacker 2

2012-07-12 20:17 . 2012-07-12 20:17 -------- d-----w- c:\program files\Process Hacker 2

2012-07-12 20:00 . 2012-07-12 20:00 -------- d-----w- c:\documents and settings\Strider\Application Data\NBD Tech

2012-07-12 20:00 . 2012-07-12 20:00 -------- d-----w- c:\program files\yaTimer

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-01 14:33 . 2012-08-01 14:33 37322 ----a-w- C:\TDSSKiller.2.7.48.0_01.08.2012_09.27.29_log.zip

2012-07-27 11:02 . 2012-03-30 09:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-27 11:02 . 2011-05-19 23:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 18:46 . 2009-12-03 01:06 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21 . 2009-11-21 05:43 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-03 16:21 . 2012-02-25 22:36 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2012-07-03 16:21 . 2012-01-31 11:17 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2012-07-03 16:21 . 2010-11-18 20:24 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21 . 2009-11-21 05:43 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-07-03 16:21 . 2009-11-21 05:43 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-07-03 16:21 . 2009-11-21 05:43 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-07-03 16:21 . 2009-11-21 05:43 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-03 16:21 . 2009-11-21 05:43 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-03 16:21 . 2012-01-31 11:17 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys

2012-07-03 16:21 . 2009-11-21 05:43 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-07-03 16:21 . 2010-11-18 20:23 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 16:21 . 2009-11-21 05:43 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll

2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19 . 2009-08-07 01:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19 . 2009-11-21 05:12 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 20:19 . 2009-11-21 05:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19 . 2009-11-21 05:12 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19 . 2009-11-21 05:12 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 20:19 . 2009-11-21 05:12 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 20:19 . 2009-08-07 01:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 20:19 . 2009-08-07 01:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:19 . 2009-11-21 05:12 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 20:19 . 2009-11-21 05:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 20:18 . 2011-06-11 21:01 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 20:18 . 2011-06-11 21:01 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 20:18 . 2011-06-11 21:01 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-05-04 13:16 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-24 13:57 . 2011-08-24 13:57 294712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Quicknote"="c:\program files\Quicknote\quicknote.exe" [2011-07-14 1253376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]

"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]

"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-09 65216]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-06-18 647216]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-05-16 26816]

"PC Pitstop PC Matic Reminder"="c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe" [2012-05-16 325320]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\documents and settings\Strider\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk

backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OSR_TinyWeb.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OSR_TinyWeb.lnk

backup=c:\windows\pss\OSR_TinyWeb.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Strider^Start Menu^Programs^Startup^IglooFTP PRO Monitor.lnk]

path=c:\documents and settings\Strider\Start Menu\Programs\Startup\IglooFTP PRO Monitor.lnk

backup=c:\windows\pss\IglooFTP PRO Monitor.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Strider^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]

path=c:\documents and settings\Strider\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-04 00:43 69632 ----a-w- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-03-18 16:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMUpdate]

2001-07-03 19:12 176128 ----a-w- c:\windows\system32\BMUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Control Center]

2011-02-08 16:00 1799168 ----a-w- c:\program files\ASUS\WLAN Card Utilities\Center.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2004-05-12 21:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2004-02-12 19:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2010-12-20 07:03 1483016 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Linksys Wireless Manager]

2009-06-24 02:57 1366064 ----a-r- c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]

2009-06-19 06:02 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop PC Matic Reminder]

2012-05-16 21:29 325320 ----a-w- c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-01-16 11:20 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"NAUpdate"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"gupdate"=2 (0x2)

"Bonjour Service"=2 (0x2)

"mnmsrvc"=3 (0x3)

"CryptSvc"=3 (0x3)

"CiSvc"=3 (0x3)

"BITS"=3 (0x3)

"BitKinex"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"ACDaemon"=2 (0x2)

"ADVService"=3 (0x3)

"gupdatem"=3 (0x3)

"SMServer"=3 (0x3)

"rpcapd"=3 (0x3)

"idsvc"=3 (0x3)

"GSService"=3 (0x3)

"ES lite Service"=2 (0x2)

"actiTIME"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\utils\\LeechFTP\\Leechftp.exe"=

"c:\\Program Files\\Opera1010\\opera.exe"=

"c:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=

"c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\AllNetic Working Time Tracker\\WorkingTimeTracker.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Program Files\\Safari\\Safari.exe"=

"c:\\Program Files\\Directory Lister Pro\\DirListerPro.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\SecondLifeViewer\\SLVoice.exe"=

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [1/31/2012 6:17 AM 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [1/31/2012 6:17 AM 202928]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/1/2010 7:45 AM 691696]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [1/31/2012 6:17 AM 113776]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2/25/2012 5:36 PM 18544]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/18/2010 3:24 PM 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/21/2009 12:43 AM 353688]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 9:43 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 9:43 AM 67656]

R2 Apache2.2;Apache2.2;c:\apache\xampp\apache\bin\httpd.exe [11/21/2009 10:44 AM 24640]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/21/2009 12:43 AM 21256]

R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [1/31/2012 6:17 AM 133912]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/2/2009 8:06 PM 655944]

R2 NBDUpdate;NBD Tech Auto Update;c:\program files\yaTimer\Updates\AutoUpdateService.exe [7/12/2012 3:00 PM 6144]

R2 svn;Subversion Server;c:\program files\Subversion\bin\svnserve.exe [5/14/2012 1:35 PM 114768]

R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [6/24/2010 1:46 PM 28256]

R3 DbusAudio;DbusAudio;c:\windows\system32\drivers\DbusAudio.sys [5/5/2011 7:26 AM 23608]

R3 DbusVideo;DbusVideo;c:\windows\system32\drivers\DbusVideo.sys [5/5/2011 7:26 AM 5688]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/2/2009 8:06 PM 22344]

R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [1/6/2011 5:23 PM 1323040]

R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [12/2/2009 9:55 PM 31872]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [11/30/2009 11:43 AM 17792]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/25/2010 4:44 PM 136176]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/7/2012 7:12 PM 160944]

S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [6/23/2011 1:43 AM 1068216]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 4:50 AM 250056]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/21/2009 12:34 AM 1684736]

S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [6/24/2010 1:46 PM 28256]

S3 GT680xNT;Visioneer OneTouch 7300 Driver;c:\windows\system32\drivers\Gt680x.sys [8/12/2011 5:44 AM 17376]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/25/2010 4:44 PM 136176]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 12:07 PM 35088]

S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [7/30/2012 10:24 AM 91848]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 9:43 AM 12872]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [3/27/2009 2:23 PM 23064]

S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys [6/30/2011 4:42 PM 1449536]

S4 actiTIME;actiTIME Server;c:\program files\actiTIME\actitime_access.exe startAsService --> c:\program files\actiTIME\actitime_access.exe startAsService [?]

S4 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [11/21/2009 12:30 AM 68136]

S4 GSService;GSService;c:\windows\system32\GSService.exe [5/5/2011 7:26 AM 745472]

S4 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [12/2/2010 2:02 PM 1251840]

S4 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [5/5/2011 7:26 AM 243712]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:02]

.

2012-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2012-08-01 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-09 16:21]

.

2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 11:10]

.

2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 11:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8B248777-1A18-4AC3-89A7-765756AB2DFF}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{C6FE3F07-96E9-42A0-94C1-C68B92F2F061}: NameServer = 8.8.8.8,8.8.4.4

DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB

FF - ProfilePath - c:\documents and settings\Strider\Application Data\Mozilla\Firefox\Profiles\stm7ht9n.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112050&babsrc=KW_ss&mntrId=8878c1b40000000000007071bca92549&q=

FF - prefs.js: network.proxy.type - 1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

FF - Ext: Better JTV: {1fc895a6-2042-46ec-a61b-233165b4c218} - %profile%\extensions\{1fc895a6-2042-46ec-a61b-233165b4c218}

FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\Fiddler2\FiddlerHook

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Strider\Application Data\Move Networks

FF - user.js: extensions.BabylonToolbar_i.id - 8878c1b40000000000007071bca92549

FF - user.js: extensions.BabylonToolbar_i.hardId - 8878c1b40000000000007071bca92549

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15534

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:55

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112050

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-Antamedia DBServer - c:\antamedia\DBServer\ADBServer.exe

MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe

MSConfigStartUp-Google Update - c:\documents and settings\Strider\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-Java - c:\documents and settings\Strider\Application Data\Patch1.exe

MSConfigStartUp-LogitechSoftwareUpdate - c:\program files\Logitech\Video\ManifestEngine.exe

MSConfigStartUp-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe

MSConfigStartUp-LogitechVideoTray - c:\program files\Logitech\Video\LogiTray.exe

MSConfigStartUp-LVCOMSX - c:\windows\system32\LVCOMSX.EXE

AddRemove-JC&MB Quicknote_is1 - c:\program files\Quicknote\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-01 10:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,0f,f7,1b,89,54,6f,46,bd,78,34,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,0f,f7,1b,89,54,6f,46,bd,78,34,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(2040)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2012-08-01 10:41:17

ComboFix-quarantined-files.txt 2012-08-01 15:40

.

Pre-Run: 38,205,206,528 bytes free

Post-Run: 43,615,916,032 bytes free

.

- - End Of File - - AEEB85E5505484A0DD89A4D108CE2AD1


mbam came back ok.... it is a lot better than it was... it had gotten to the point that I was typing 8 characters ahead of what the screen was showing... I really appreciate the help

I had gotten kind of paranoid about doing the work on sites ... logging in on cpanel etc...

thanks

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.01.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Strider :: OSCWORKS-12 [administrator]

Protection: Enabled

8/1/2012 11:29:26 AM

mbam-log-2012-08-01 (11-29-26).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 232085

Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.