
Recurring Infection: I *think* a Tracur.F Trojan



Hi guys,

I've had a recurring infection now for about three weeks. The main symptom is a Google search link redirect in Firefox. I have been prompted several times to allow 'XUL Cache' in Firefox, but I never allow it. It somehow did manage to get into my add-ons, but I removed it.

I've run ComboFix and the ESET scanner, which always seem to solve the problem, but only for a few days, and then the infection returns again.

ESET always reports finding a 'Win32/Trojan Downloader Tracur.F.Trojan'.

I think I need to go through a stepwise solution to find out how the problem keeps reoccurring and what to eliminate.

Malwarebytes never finds anything, nor do TDSS Killer, Hitman Pro, Ad-Aware, Power Eraser, Spybot, etc. AVG never finds anything, nor does it alert me when it's going on. Kind of at my wits' end. Don't want to really do a full OS wipe & reinstall if I can help it.

I appreciate any help in advance. Below is my DDS log and attached is my zipped attach.txt

Thanks so much, Jeff

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_23

Run by Jeff Pierce at 9:55:19 on 2011-11-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1160 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\MMKeybd.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\Netropa\OSD.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Trojan Cease\TrojanCease.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\TechSmith\Snagit 10\Snagit32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe

C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe

C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\HPZinw12.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [DellTouch] c:\windows\MMKeybd.exe

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [TrojanCease.exe] c:\program files\trojan cease\TrojanCease.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{FB3BC6B4-427D-4BC5-8DEB-A9829B8F36CD} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jeff pierce\application data\mozilla\firefox\profiles\mbc75vgw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\documents and settings\jeff pierce\application data\mozilla\firefox\profiles\mbc75vgw.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll

FF - plugin: c:\documents and settings\jeff pierce\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extentions.y2layers.installId, 7418fc95-e52c-4b47-affb-c03d34c976e9

.

============= SERVICES / DRIVERS ===============

.

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-9-26 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-10-23 47640]

R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2011-9-6 28672]

R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2011-9-6 6656]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-11-15 13:51:40 98816 ----a-w- c:\windows\sed.exe

2011-11-15 13:51:40 518144 ----a-w- c:\windows\SWREG.exe

2011-11-15 13:51:40 256000 ----a-w- c:\windows\PEV.exe

2011-11-15 13:51:40 208896 ----a-w- c:\windows\MBR.exe

2011-11-15 12:58:27 -------- d-----w- c:\program files\Trojan Cease

2011-11-12 19:46:49 163840 ----a-w- c:\windows\system32\CNDUK175.dll

2011-11-12 19:46:49 118867 ----a-w- c:\windows\system32\DSLLK175.dll

2011-11-12 19:46:48 94208 ----a-w- c:\windows\system32\CNDCK175.dll

2011-11-12 19:46:48 40960 ----a-w- c:\windows\system32\CNDNDlg.exe

2011-11-12 19:46:46 -------- d-----w- c:\program files\Canon

2011-11-10 03:36:24 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-10 03:36:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-09 14:20:00 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2011-11-09 03:12:30 -------- d-----w- c:\program files\ESET

2011-11-09 02:08:24 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-11-09 02:08:24 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-11-09 01:47:31 -------- d-----w- c:\windows\pss

2011-11-08 23:10:26 -------- d-sha-r- C:\cmdcons

2011-11-08 22:49:00 -------- d-----w- c:\documents and settings\jeff pierce\local settings\application data\NPE

2011-11-08 22:49:00 -------- d-----w- c:\documents and settings\all users\application data\Norton

2011-11-08 22:26:09 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-11-08 22:25:41 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro

2011-11-08 21:21:53 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-11-08 19:37:51 -------- d-----w- c:\documents and settings\jeff pierce\application data\Malwarebytes

2011-11-08 19:37:39 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-06 13:33:10 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-11-06 13:29:02 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-11-05 22:01:16 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll

2011-11-05 22:01:16 -------- d-----w- c:\documents and settings\jeff pierce\application data\Catalina Marketing Corp

2011-11-05 11:38:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-11-04 17:10:55 -------- d-----w- c:\program files\Amazon

2011-11-03 00:55:45 -------- d-----w- c:\documents and settings\jeff pierce\local settings\application data\Akamai

2011-11-02 02:36:57 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-02 02:36:57 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-02 02:36:57 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-10-26 22:04:42 -------- d-----w- c:\documents and settings\jeff pierce\application data\Canneverbe Limited

2011-10-26 22:04:42 -------- d-----w- c:\documents and settings\all users\application data\Canneverbe Limited

2011-10-26 22:04:30 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2011-10-23 14:03:42 21728 ----a-w- c:\windows\system32\wucltui.dll.mui

2011-10-23 14:03:42 -------- d-----w- c:\windows\system32\SoftwareDistribution

2011-10-23 14:03:40 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui

2011-10-23 14:03:36 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2011-10-23 14:03:34 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-10-23 14:03:06 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2011-10-23 14:03:06 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-10-23 14:03:05 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-23 14:03:05 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2011-10-23 14:02:50 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-23 14:02:36 -------- d-----w- c:\program files\LogMeIn

2011-10-17 17:03:32 -------- d-----w- c:\program files\iPod

2011-10-17 17:03:29 -------- d-----w- c:\program files\iTunes

2011-10-17 16:59:10 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-11-04 18:18:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-27 02:11:23 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-09-16 19:10:24 25248 ----a-w- c:\windows\system32\lmimirr.dll

2011-09-16 19:10:24 11552 ----a-w- c:\windows\system32\lmimirr2.dll

2011-09-16 19:10:24 10144 ----a-w- c:\windows\system32\drivers\lmimirr.sys

2011-09-05 22:44:26 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe

2011-09-05 22:44:26 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 03:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-31 03:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll

.

============= FINISH: 9:55:44.96 ===============


Hello Jeff! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

There is a lot of work here because you decided to act on your own. As a result, many serious errors were made. However, I will try to help you to fix them.

Step 1

Now it's time to clear the Java cache, because of the malware. Malware that could be found in this cache directory is not associated with the Java that was downloaded and installed on the system. A cache directory is a temporary storage location. When the browser runs an applet or application, Java stores files in its cache directory for better performance.

Click Start => Control Panel.

Double-click the Java icon in the control panel. The Java Control Panel appears.


Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.


Click Delete Files. The Delete Temporary Files dialog box appears.


Click OK on Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window. Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.

Step 2

Many applications were installed and removed on this system, so now there are many remnants which should be cleaned.

Please download AppRemover:

http://www.appremover.com/get/appremover.exe

Then follow the instructions from How to Use AppRemover to Clean Up a Failed Uninstall here:

http://www.appremover.com/faq/about/using-appremover.html

In your next reply, please post a new fresh DDS log file with Attach.txt


Thanks so much MANIAC for helping me!

Ran both instructions. Updated logs below:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_23

Run by Jeff Pierce at 17:51:18 on 2011-11-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1273 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\MMKeybd.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Netropa\OSD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\TechSmith\Snagit 10\Snagit32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe

C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe

C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe

C:\WINDOWS\system32\HPZinw12.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [DellTouch] c:\windows\MMKeybd.exe

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{FB3BC6B4-427D-4BC5-8DEB-A9829B8F36CD} : DhcpNameServer = 192.168.2.1 192.168.2.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jeff pierce\application data\mozilla\firefox\profiles\mbc75vgw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\documents and settings\jeff pierce\application data\mozilla\firefox\profiles\mbc75vgw.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll

FF - plugin: c:\documents and settings\jeff pierce\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extentions.y2layers.installId, 7418fc95-e52c-4b47-affb-c03d34c976e9

.

============= SERVICES / DRIVERS ===============

.

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-9-26 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-10-23 47640]

R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2011-9-6 28672]

R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2011-9-6 6656]

S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-11-15 15:19:32 -------- d-s---w- C:\ComboFix

2011-11-12 19:46:49 163840 ----a-w- c:\windows\system32\CNDUK175.dll

2011-11-12 19:46:49 118867 ----a-w- c:\windows\system32\DSLLK175.dll

2011-11-12 19:46:48 94208 ----a-w- c:\windows\system32\CNDCK175.dll

2011-11-12 19:46:48 40960 ----a-w- c:\windows\system32\CNDNDlg.exe

2011-11-12 19:46:46 -------- d-----w- c:\program files\Canon

2011-11-10 03:36:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-09 14:20:00 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2011-11-09 03:12:30 -------- d-----w- c:\program files\ESET

2011-11-09 01:47:31 -------- d-----w- c:\windows\pss

2011-11-08 23:10:26 -------- d-sha-r- C:\cmdcons

2011-11-08 22:49:00 -------- d-----w- c:\documents and settings\jeff pierce\local settings\application data\NPE

2011-11-08 22:49:00 -------- d-----w- c:\documents and settings\all users\application data\Norton

2011-11-08 22:26:09 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-11-08 22:25:41 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro

2011-11-08 21:21:53 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-11-08 19:37:51 -------- d-----w- c:\documents and settings\jeff pierce\application data\Malwarebytes

2011-11-08 19:37:39 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-06 13:33:10 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-11-06 13:29:02 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-11-05 11:38:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-11-04 17:10:55 -------- d-----w- c:\program files\Amazon

2011-11-03 00:55:45 -------- d-----w- c:\documents and settings\jeff pierce\local settings\application data\Akamai

2011-11-02 02:36:57 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-02 02:36:57 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-02 02:36:57 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-10-26 22:04:42 -------- d-----w- c:\documents and settings\jeff pierce\application data\Canneverbe Limited

2011-10-26 22:04:42 -------- d-----w- c:\documents and settings\all users\application data\Canneverbe Limited

2011-10-26 22:04:30 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2011-10-23 14:03:42 21728 ----a-w- c:\windows\system32\wucltui.dll.mui

2011-10-23 14:03:42 -------- d-----w- c:\windows\system32\SoftwareDistribution

2011-10-23 14:03:40 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui

2011-10-23 14:03:36 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2011-10-23 14:03:34 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-10-23 14:03:06 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2011-10-23 14:03:06 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-10-23 14:03:05 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-23 14:03:05 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2011-10-23 14:02:50 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-23 14:02:36 -------- d-----w- c:\program files\LogMeIn

2011-10-17 17:03:32 -------- d-----w- c:\program files\iPod

2011-10-17 17:03:29 -------- d-----w- c:\program files\iTunes

2011-10-17 16:59:10 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-11-04 18:18:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-27 02:11:23 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-09-16 19:10:24 25248 ----a-w- c:\windows\system32\lmimirr.dll

2011-09-16 19:10:24 11552 ----a-w- c:\windows\system32\lmimirr2.dll

2011-09-16 19:10:24 10144 ----a-w- c:\windows\system32\drivers\lmimirr.sys

2011-09-05 22:44:26 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe

2011-09-05 22:44:26 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 03:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-31 03:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll

.

============= FINISH: 17:51:42.51 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 9/5/2011 5:32:18 PM

System Uptime: 11/15/2011 5:46:31 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0TD761

Processor: Genuine Intel® CPU T2400 @ 1.83GHz | Microprocessor | 1830/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 350.408 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Modem Device on High Definition Audio Bus

Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&10575340&0&0102

Manufacturer:

Name: Modem Device on High Definition Audio Bus

PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&10575340&0&0102

Service:

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Ethernet Controller

Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2

Manufacturer:

Name: Ethernet Controller

PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2

Service:

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: O2Micro CCID SC Reader

Device ID: USB\VID_0B97&PID_7762\7&1E38C312&0&2

Manufacturer:

Name: O2Micro CCID SC Reader

PNP Device ID: USB\VID_0B97&PID_7762\7&1E38C312&0&2

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

AiO_Scan_CDA

AiOSoftwareNPI

ALPS Touch Pad Driver

Amazon MP3 Downloader 1.0.12

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

BufferChm

C6100

c6100_Help

Canon Camera WIA Driver

Canon EOS 20D WIA Driver

Carbonite

CDBurnerXP

Coupon Printer for Windows

DellTouch

Destinations

DeviceManagementQFolder

ESET Online Scanner v3

eSupportQFolder

Fax_CDA

FileZilla Client 3.5.1

Google Chrome

Hotfix for Windows XP (KB979306)

HP Imaging Device Functions 7.0

HP Photosmart, Officejet and Deskjet 7.0.A

HP Solution Center 7.0

HPPhotoSmartExpress

HPProductAssistant

InstantShareDevicesMFC

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

iTunes

Java Auto Updater

Java 6 Update 23

KeePass Password Safe 1.20

LogMeIn

mCore

mDriver

mDrWiFi

mHlpDell

Microsoft .NET Framework 2.0

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

mIWA

mLogView

mMHouse

Mozilla Firefox 8.0 (x86 en-US)

mPfMgr

mPfWiz

mProSafe

mSSO

mWlsSafe

mWMI

mXML

mZConfig

NewCopy_CDA

PanoStandAlone

PDF Settings CS5

Picasa 3

ProductContextNPI

QuickTime

Readme

Scan

ScannerCopy

SigmaTel Audio

Snagit 10.0.1

SolutionCenter

Status

TheMatrix Screen Saver version 1.14

Toolbox

TrayApp

Trillian

Unload

Update for Outlook 2007 (KB933493)

WebFldrs XP

WebReg

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

WinZip 12.0

.

==== Event Viewer Messages From Past Week ========

.

11/9/2011 3:30:06 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.

11/8/2011 8:23:16 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

11/8/2011 8:09:45 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SMR210\0000 disappeared from the system without first being prepared for removal.

11/8/2011 8:05:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SMR210.SYS' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

11/15/2011 9:28:57 AM, error: PlugPlayManager [11] - The device Root\LEGACY_RKHIT\0000 disappeared from the system without first being prepared for removal.

11/15/2011 8:43:13 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'Dc9.exe' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

11/14/2011 5:54:36 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: An instance of the service is already running.

11/14/2011 5:53:36 PM, error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/11/2011 12:38:39 AM, error: VolSnap [25] - The shadow copy of volume C: was aborted because the diff area file could not grow in time. Consider reducing the IO load on this system to avoid this problem in the future.

11/11/2011 12:38:17 AM, error: VolSnap [12] - The shadow copy of volume C: became low on diff area space before it was properly installed.

11/10/2011 8:44:22 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 8:44:21 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 8:44:19 AM, error: Service Control Manager [7034] - The NMSAccess service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 8:44:19 AM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 8:44:19 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 8:44:18 AM, error: Service Control Manager [7034] - The Netropa NHK Server service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 8:44:18 AM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 8:44:18 AM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 8:44:18 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 8:44:18 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 8:44:18 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 8:44:18 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 8:44:18 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 8:44:18 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================


ComboFix 11-11-15.06 - Jeff Pierce 11/15/2011 21:38:49.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1215 [GMT -5:00]

Running from: c:\documents and settings\Jeff Pierce\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_RkHit

.

.

((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))

.

.

2011-11-12 19:46 . 2004-06-02 23:27 163840 ----a-w- c:\windows\system32\CNDUK175.dll

2011-11-12 19:46 . 2004-06-01 07:04 118867 ----a-w- c:\windows\system32\DSLLK175.dll

2011-11-12 19:46 . 2004-06-02 23:26 94208 ----a-w- c:\windows\system32\CNDCK175.dll

2011-11-12 19:46 . 2004-06-01 08:27 40960 ----a-w- c:\windows\system32\CNDNDlg.exe

2011-11-12 19:46 . 2011-11-12 19:46 -------- d-----w- c:\program files\Canon

2011-11-10 03:36 . 2011-11-15 21:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-09 14:20 . 2011-11-11 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-11-09 03:12 . 2011-11-09 03:12 -------- d-----w- c:\program files\ESET

2011-11-09 00:51 . 2011-11-09 00:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-11-09 00:42 . 2011-11-09 00:42 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-11-08 22:49 . 2011-11-08 22:56 -------- d-----w- c:\documents and settings\Jeff Pierce\Local Settings\Application Data\NPE

2011-11-08 22:49 . 2011-11-08 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2011-11-08 22:26 . 2011-11-08 22:26 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-11-08 22:25 . 2011-11-08 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-11-08 21:21 . 2011-11-08 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-11-08 19:37 . 2011-11-08 19:37 -------- d-----w- c:\documents and settings\Jeff Pierce\Application Data\Malwarebytes

2011-11-08 19:37 . 2011-11-08 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-06 13:33 . 2011-11-06 13:33 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-11-06 13:29 . 2011-11-11 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-11-05 11:38 . 2011-11-05 11:38 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-11-05 11:35 . 2011-11-09 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2011-11-04 17:11 . 2011-11-04 17:11 -------- d-----w- c:\documents and settings\Jeff Pierce\Application Data\Amazon

2011-11-04 17:10 . 2011-11-04 17:10 -------- d-----w- c:\program files\Amazon

2011-11-03 00:55 . 2011-11-05 01:00 -------- d-----w- c:\documents and settings\Jeff Pierce\Local Settings\Application Data\Akamai

2011-11-02 02:38 . 2011-11-02 02:38 -------- d-----w- c:\windows\Sun

2011-11-02 02:37 . 2011-11-02 02:37 -------- d-----w- c:\program files\Common Files\Java

2011-11-02 02:36 . 2011-11-02 02:36 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-11-02 02:36 . 2011-11-02 02:36 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-02 02:36 . 2011-11-02 02:36 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-02 02:36 . 2011-11-02 02:36 -------- d-----w- c:\program files\Java

2011-10-26 22:04 . 2011-10-26 22:04 -------- d-----w- c:\documents and settings\Jeff Pierce\Application Data\Canneverbe Limited

2011-10-26 22:04 . 2011-10-26 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited

2011-10-26 22:04 . 2009-11-12 18:48 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2011-10-26 22:04 . 2011-10-26 22:04 -------- d-----w- c:\program files\CDBurnerXP

2011-10-23 14:06 . 2011-10-23 14:07 -------- d-----w- c:\documents and settings\LogMeInRemoteUser

2011-10-23 14:03 . 2009-08-06 23:24 44768 ----a-w- c:\windows\system32\wups2.dll

2011-10-23 14:03 . 2009-08-06 23:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui

2011-10-23 14:03 . 2009-08-06 23:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui

2011-10-23 14:03 . 2009-08-06 23:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2011-10-23 14:03 . 2009-08-06 23:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-10-23 14:03 . 2011-09-26 22:16 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-10-23 14:03 . 2011-09-26 22:15 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-10-23 14:03 . 2011-09-26 22:16 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-23 14:03 . 2011-09-16 19:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2011-10-23 14:02 . 2011-09-26 22:15 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-23 14:02 . 2011-10-23 14:02 -------- d-----w- c:\program files\LogMeIn

2011-10-17 17:03 . 2011-10-17 17:03 -------- d-----w- c:\program files\iPod

2011-10-17 17:03 . 2011-10-17 17:04 -------- d-----w- c:\program files\iTunes

2011-10-17 16:59 . 2011-10-17 16:59 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2011-10-17 16:59 . 2011-10-17 16:59 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-04 18:18 . 2011-09-05 23:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-27 02:11 . 2011-09-27 02:11 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-09-16 19:10 . 2011-09-16 19:10 25248 ----a-w- c:\windows\system32\lmimirr.dll

2011-09-16 19:10 . 2011-09-16 19:10 11552 ----a-w- c:\windows\system32\lmimirr2.dll

2011-09-16 19:10 . 2011-09-16 19:10 10144 ----a-w- c:\windows\system32\drivers\lmimirr.sys

2011-09-05 22:44 . 2011-09-05 22:44 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe

2011-09-05 22:44 . 2011-09-05 22:44 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-11-09 20:32 . 2011-09-05 23:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"DellTouch"="c:\windows\MMKeybd.exe" [2002-01-17 163840]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2011-3-21 7067464]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2011-09-26 22:15 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/26/2011 5:15 PM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 2:10 PM 12856]

R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [9/6/2011 8:32 AM 28672]

R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [9/6/2011 8:32 AM 6656]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-261903793-1417001333-1003Core.job

- c:\documents and settings\Jeff Pierce\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-22 19:38]

.

2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-261903793-1417001333-1003UA.job

- c:\documents and settings\Jeff Pierce\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-22 19:38]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

FF - ProfilePath - c:\documents and settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extentions.y2layers.installId, 7418fc95-e52c-4b47-affb-c03d34c976e9

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-15 21:43

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(740)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'explorer.exe'(3808)

c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\wscntfy.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\windows\system32\rundll32.exe

c:\windows\stsystra.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Apoint\Apntex.exe

c:\program files\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe

c:\program files\Apoint\HidFind.exe

c:\program files\Netropa\OSD.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\TechSmith\Snagit 10\TSCHelp.exe

c:\program files\TechSmith\Snagit 10\SnagPriv.exe

c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe

c:\program files\TechSmith\Snagit 10\snagiteditor.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\windows\system32\HPZinw12.exe

c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2011-11-15 21:47:20 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-16 02:47

.

Pre-Run: 376,132,104,192 bytes free

Post-Run: 376,204,595,200 bytes free

.

- - End Of File - - 12C253B9BBB79E62429263E796609D6A


Open Notepad and copy and paste the text in the code box below into it:

SecCenter::
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

Folder::
c:\documents and settings\All Users\Application Data\AVG2012
c:\documents and settings\All Users\Application Data\Norton

FireFox::
FF - ProfilePath - c:\documents and settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how things are there.


ComboFix 11-11-15.06 - Jeff Pierce 11/16/2011 11:07:06.7.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1317 [GMT -5:00]

Running from: c:\documents and settings\Jeff Pierce\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Jeff Pierce\Desktop\CFScript.txt

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\AVG2012

c:\documents and settings\All Users\Application Data\AVG2012\log\avgmail.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgmail.log.lock

c:\documents and settings\All Users\Application Data\Norton

c:\documents and settings\All Users\Application Data\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI

c:\documents and settings\All Users\Application Data\Norton\NPE\NPEsettings.dat

.

.

((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))

.

.

2011-11-12 19:46 . 2004-06-02 23:27 163840 ----a-w- c:\windows\system32\CNDUK175.dll

2011-11-12 19:46 . 2004-06-01 07:04 118867 ----a-w- c:\windows\system32\DSLLK175.dll

2011-11-12 19:46 . 2004-06-02 23:26 94208 ----a-w- c:\windows\system32\CNDCK175.dll

2011-11-12 19:46 . 2004-06-01 08:27 40960 ----a-w- c:\windows\system32\CNDNDlg.exe

2011-11-12 19:46 . 2011-11-12 19:46 -------- d-----w- c:\program files\Canon

2011-11-10 03:36 . 2011-11-15 21:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-09 03:12 . 2011-11-09 03:12 -------- d-----w- c:\program files\ESET

2011-11-09 00:51 . 2011-11-09 00:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-11-09 00:42 . 2011-11-09 00:42 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-11-08 22:49 . 2011-11-08 22:56 -------- d-----w- c:\documents and settings\Jeff Pierce\Local Settings\Application Data\NPE

2011-11-08 22:26 . 2011-11-08 22:26 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-11-08 22:25 . 2011-11-08 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-11-08 21:21 . 2011-11-08 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-11-08 19:37 . 2011-11-08 19:37 -------- d-----w- c:\documents and settings\Jeff Pierce\Application Data\Malwarebytes

2011-11-08 19:37 . 2011-11-08 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-06 13:33 . 2011-11-06 13:33 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-11-06 13:29 . 2011-11-11 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-11-05 11:38 . 2011-11-05 11:38 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-11-05 11:35 . 2011-11-09 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2011-11-04 17:11 . 2011-11-04 17:11 -------- d-----w- c:\documents and settings\Jeff Pierce\Application Data\Amazon

2011-11-04 17:10 . 2011-11-04 17:10 -------- d-----w- c:\program files\Amazon

2011-11-03 00:55 . 2011-11-05 01:00 -------- d-----w- c:\documents and settings\Jeff Pierce\Local Settings\Application Data\Akamai

2011-11-02 02:38 . 2011-11-02 02:38 -------- d-----w- c:\windows\Sun

2011-11-02 02:37 . 2011-11-02 02:37 -------- d-----w- c:\program files\Common Files\Java

2011-11-02 02:36 . 2011-11-02 02:36 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-11-02 02:36 . 2011-11-02 02:36 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-02 02:36 . 2011-11-02 02:36 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-02 02:36 . 2011-11-02 02:36 -------- d-----w- c:\program files\Java

2011-10-26 22:04 . 2011-10-26 22:04 -------- d-----w- c:\documents and settings\Jeff Pierce\Application Data\Canneverbe Limited

2011-10-26 22:04 . 2011-10-26 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited

2011-10-26 22:04 . 2009-11-12 18:48 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2011-10-26 22:04 . 2011-10-26 22:04 -------- d-----w- c:\program files\CDBurnerXP

2011-10-23 14:06 . 2011-10-23 14:07 -------- d-----w- c:\documents and settings\LogMeInRemoteUser

2011-10-23 14:03 . 2009-08-06 23:24 44768 ----a-w- c:\windows\system32\wups2.dll

2011-10-23 14:03 . 2009-08-06 23:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui

2011-10-23 14:03 . 2009-08-06 23:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui

2011-10-23 14:03 . 2009-08-06 23:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2011-10-23 14:03 . 2009-08-06 23:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-10-23 14:03 . 2011-09-26 22:16 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-10-23 14:03 . 2011-09-26 22:15 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-10-23 14:03 . 2011-09-26 22:16 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-23 14:03 . 2011-09-16 19:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2011-10-23 14:02 . 2011-09-26 22:15 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-23 14:02 . 2011-10-23 14:02 -------- d-----w- c:\program files\LogMeIn

2011-10-17 17:03 . 2011-10-17 17:03 -------- d-----w- c:\program files\iPod

2011-10-17 17:03 . 2011-10-17 17:04 -------- d-----w- c:\program files\iTunes

2011-10-17 16:59 . 2011-10-17 16:59 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2011-10-17 16:59 . 2011-10-17 16:59 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-04 18:18 . 2011-09-05 23:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-27 02:11 . 2011-09-27 02:11 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-09-16 19:10 . 2011-09-16 19:10 25248 ----a-w- c:\windows\system32\lmimirr.dll

2011-09-16 19:10 . 2011-09-16 19:10 11552 ----a-w- c:\windows\system32\lmimirr2.dll

2011-09-16 19:10 . 2011-09-16 19:10 10144 ----a-w- c:\windows\system32\drivers\lmimirr.sys

2011-09-05 22:44 . 2011-09-05 22:44 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe

2011-09-05 22:44 . 2011-09-05 22:44 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-11-09 20:32 . 2011-09-05 23:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-16_02.43.45 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-08-23 12:00 . 2011-11-15 22:51 59842 c:\windows\system32\perfc009.dat

+ 2001-08-23 12:00 . 2011-11-16 02:47 59842 c:\windows\system32\perfc009.dat

+ 2001-08-23 12:00 . 2011-11-16 02:47 395768 c:\windows\system32\perfh009.dat

- 2001-08-23 12:00 . 2011-11-15 22:51 395768 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"DellTouch"="c:\windows\MMKeybd.exe" [2002-01-17 163840]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2011-3-21 7067464]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2011-09-26 22:15 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/26/2011 5:15 PM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 2:10 PM 12856]

R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [9/6/2011 8:32 AM 28672]

R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [9/6/2011 8:32 AM 6656]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-261903793-1417001333-1003Core.job

- c:\documents and settings\Jeff Pierce\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-22 19:38]

.

2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-261903793-1417001333-1003UA.job

- c:\documents and settings\Jeff Pierce\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-22 19:38]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

FF - ProfilePath - c:\documents and settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extentions.y2layers.installId, 7418fc95-e52c-4b47-affb-c03d34c976e9

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-16 11:11

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(740)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

c:\windows\system32\igfxdev.dll

.

Completion time: 2011-11-16 11:12:57

ComboFix-quarantined-files.txt 2011-11-16 16:12

ComboFix2.txt 2011-11-16 02:47

.

Pre-Run: 376,023,011,328 bytes free

Post-Run: 376,016,986,112 bytes free

.

- - End Of File - - B2B559CEC49F1A15D1649845842FE84E

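The "FF - user.js:" line in the ComboFix log above shows several user_pref() statements run together on one line, switching off network.protocol-handler.warn-external.dnupdate and setting an extentions.y2layers.installId value, and the redirector's add-on lived as an unpacked, GUID-named directory under the profile's extensions\ folder. The Python script below is an added example written for this thread; it is not part of the original posts or of any tool used in them. It assumes the classic (pre-WebExtensions) Firefox profile layout of the time: user.js in the profile root, add-ons as directories or .xpi files under extensions\, each unpacked add-on carrying install.rdf and chrome.manifest. The profile it scans is built from constructed data modelled on the log, so it runs offline.

```python
"""Triage a Firefox profile for the two things the ComboFix log above shows:
user.js entries written by something other than the user, and unpacked
add-ons under extensions/. Added example, not part of the thread or of any
tool used in it; assumes the classic (pre-WebExtensions) profile layout."""
import os
import re
import tempfile

# Firefox user.js syntax is user_pref("name", value); one statement per line.
# The regex also tolerates the unquoted form that DDS printed in the log.
USER_PREF_RE = re.compile(r'user_pref\(\s*"?([^",)]+)"?\s*,\s*([^;)]*)\)\s*;?')
EM_NAME_RE = re.compile(r"<em:name>([^<]+)</em:name>")

# Constructed sample modelled on the "FF - user.js:" line in the log: three
# statements run together on one line, then one ordinary pref on its own.
SAMPLE_USER_JS = (
    'user_pref("network.protocol-handler.warn-external.dnupdate", false);'
    'user_pref("network.protocol-handler.warn-external.dnupdate", false);'
    'user_pref("extentions.y2layers.installId", "7418fc95-e52c-4b47-affb-c03d34c976e9");\n'
    'user_pref("browser.startup.homepage", "http://www.google.com/");\n'
)
# Directory name taken from the ESET log in this thread; the add-on name is
# the one the poster was prompted to allow. Both are used only as sample data.
SAMPLE_EXT_ID = "{2b452754-0b13-4bda-9516-bf7350d067a4}"
SAMPLE_INSTALL_RDF = "<RDF><Description><em:name>XUL Cache</em:name></Description></RDF>"

def parse_user_js(text):
    """Return [(line_no, name, value)] for every user_pref() call in the file."""
    prefs = []
    for no, line in enumerate(text.splitlines(), 1):
        for name, value in USER_PREF_RE.findall(line):
            prefs.append((no, name.strip(), value.strip()))
    return prefs

def suspicious_prefs(prefs):
    """Flag the patterns seen in the log: a warn-external.* prompt silenced, a
    branch spelt "extentions." (Firefox's own branch is "extensions."), and
    several statements on one line, which no normally written user.js has."""
    findings, per_line = [], {}
    for no, name, value in prefs:
        per_line.setdefault(no, []).append(name)
        if name.startswith("network.protocol-handler.warn-external.") and value == "false":
            findings.append((no, name, "external-protocol warning disabled"))
        if name.startswith("extentions."):
            findings.append((no, name, "misspelled extensions branch"))
    for no, names in per_line.items():
        if len(names) > 1:
            findings.append((no, ",".join(names), "several user_pref() on one line"))
    return findings

def list_extensions(profile_dir):
    """Inventory extensions/: id, packed (.xpi) or unpacked directory, whether an
    unpacked one carries a chrome.manifest, and the em:name from install.rdf."""
    ext_dir = os.path.join(profile_dir, "extensions")
    inventory = []
    if not os.path.isdir(ext_dir):
        return inventory
    for entry in sorted(os.listdir(ext_dir)):
        full = os.path.join(ext_dir, entry)
        item = {"id": entry, "unpacked": os.path.isdir(full), "chrome_manifest": False, "name": ""}
        if item["unpacked"]:
            item["chrome_manifest"] = os.path.isfile(os.path.join(full, "chrome.manifest"))
            rdf = os.path.join(full, "install.rdf")
            if os.path.isfile(rdf):
                with open(rdf, encoding="utf-8", errors="replace") as fh:
                    m = EM_NAME_RE.search(fh.read())
                item["name"] = m.group(1).strip() if m else ""
        inventory.append(item)
    return inventory

def triage(profile_dir):
    """Run both checks against one profile directory."""
    prefs, user_js = [], os.path.join(profile_dir, "user.js")
    if os.path.isfile(user_js):
        with open(user_js, encoding="utf-8", errors="replace") as fh:
            prefs = parse_user_js(fh.read())
    return {"user_js": suspicious_prefs(prefs), "extensions": list_extensions(profile_dir)}

def build_sample_profile():
    """Create a throwaway profile from the constructed data for a stand-alone run."""
    prof = tempfile.mkdtemp(prefix="ff-profile-")
    with open(os.path.join(prof, "user.js"), "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_USER_JS)
    ext = os.path.join(prof, "extensions", SAMPLE_EXT_ID)
    os.makedirs(ext)
    open(os.path.join(ext, "chrome.manifest"), "w").close()
    with open(os.path.join(ext, "install.rdf"), "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_INSTALL_RDF)
    # A packed add-on with a made-up id, to show the other shape an entry takes.
    open(os.path.join(prof, "extensions", "sample-addon@example.com.xpi"), "w").close()
    return prof

if __name__ == "__main__":
    for key, rows in triage(build_sample_profile()).items():
        print(key, *rows, sep="\n  ")
```

Against a real machine, call triage() with the profile path the log prints (the ProfilePath line) while Firefox is closed. A user.js has one statement per line when a person wrote it, so any line carrying several is worth reading in full, and an unpacked, GUID-named add-on that the user never installed is the thing to delete from extensions\ before the next browser start.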

Maniac,

My machine seems to be performing really nicely.

Is there anything you notice in the logs? Do they look *clean* as far as you can tell?

Is there any benefit to checking registry or just leave that alone?

I guess I will be able to tell in a few days if the infection returns. So far so good though.

I have no idea why it kept coming back. I don't really stray onto suspicious websites.

Any recommendation on a security software that will detect something BEFORE I get it? Like, should I install Malwarebytes and leave it on all the time? I was using AVG, but no alerts ever popped up.

Let me know what you think.

Jeff


Is there anything you notice in the logs? Do they look *clean* as far as you can tell?

Yes, I think so, but I want you to perform some additional scans. Is that a problem for you?

Is there any benefit to checking registry or just leave that alone?

The above log files shed light on key locations in the registry. The additional scans, which I would like to do before you finish, will also cover this part.

I guess I will be able to tell in a few days if the infection returns. So far so good though.

This is the reason why I asked whether there is any progress. It is important to know whether what we did here had some effect; it does not matter whether it is good or not, the point is to know, in order to take timely measures.

I have no idea why it kept coming back. I dont really stray onto suspicious websites.

In the end I will try to shed some light on this question.

Any recommendation on a security software that will detect something BEFORE I get it? Like should I install malware bytes and leave it on all the time? I was using AVG, but no alerts ever popped up.

From what you say, I understand that you need a new antivirus program. This will also be included in my last instructions to you. Malwarebytes' Anti-Malware cannot function alone, because it does not cover the perimeter: viruses. Malwarebytes' Anti-Malware is an excellent additional security program, but on its own it cannot do everything. It would not be fair to evaluate the protection of AVG, but I can only say that there are better options, also free, if that is what you are looking for as a factor.


  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next:

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

Please include these logs in your next reply.


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8191

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

11/18/2011 8:56:43 PM

mbam-log-2011-11-18 (20-56-42).txt

Scan type: Quick scan

Objects scanned: 179203

Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

********ESET LOG***********

C:\System Volume Information\_restore{3778D21E-66E0-481E-B958-47E36B70C105}\RP2\A0001389.dll Win32/Adware.SpywareCease application cleaned by deleting - quarantined

C:\System Volume Information\_restore{3778D21E-66E0-481E-B958-47E36B70C105}\RP2\A0001390.dll Win32/Adware.SpywareCease.AA application cleaned by deleting - quarantined

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=82c26c4b1d15854b9bee191a37a2b742

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-09 04:07:38

# local_time=2011-11-08 11:07:38 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=102471

# found=9

# cleaned=9

# scan_time=2855

C:\Documents and Settings\Jeff Pierce\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\gpnkidbgkdebflhjeljdimdinaefbcpb\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\extensions\{2b452754-0b13-4bda-9516-bf7350d067a4}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\extensions\{2b452754-0b13-4bda-9516-bf7350d067a4}\chrome\xulcache.jar.vir JS/Agent.NDO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{3778D21E-66E0-481E-B958-47E36B70C105}\RP13\A0000707.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{3778D21E-66E0-481E-B958-47E36B70C105}\RP13\A0000708.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{3778D21E-66E0-481E-B958-47E36B70C105}\RP70\A0013429.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{3778D21E-66E0-481E-B958-47E36B70C105}\RP72\A0013499.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{3778D21E-66E0-481E-B958-47E36B70C105}\RP77\A0013968.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{3778D21E-66E0-481E-B958-47E36B70C105}\RP77\A0014420.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=82c26c4b1d15854b9bee191a37a2b742

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-11 06:01:40

# local_time=2011-11-11 01:01:40 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777175 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=100569

# found=1

# cleaned=1

# scan_time=3247

C:\Qoobox\Quarantine\C\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\extensions\{8c9c762d-946f-4b08-ae13-5d65b7069646}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=82c26c4b1d15854b9bee191a37a2b742

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-15 02:59:27

# local_time=2011-11-14 09:59:27 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=104929

# found=1

# cleaned=1

# scan_time=3359

C:\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\extensions\{83688ebb-bff0-481c-b60d-6fbfa0537456}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

# version=7

# IEXPLORE.EXE=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=82c26c4b1d15854b9bee191a37a2b742

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-11-19 03:01:34

# local_time=2011-11-18 10:01:34 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=97619

# found=2

# cleaned=2

# scan_time=3752

C:\System Volume Information\_restore{3778D21E-66E0-481E-B958-47E36B70C105}\RP2\A0001389.dll Win32/Adware.SpywareCease application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{3778D21E-66E0-481E-B958-47E36B70C105}\RP2\A0001390.dll Win32/Adware.SpywareCease.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

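Several of the ESET reports above flag Win32/TrojanDownloader.Tracur.F, but the paths tell different stories: a hit under System Volume Information\_restore is a System Restore copy, a hit under C:\Qoobox\Quarantine is a file ComboFix had already renamed to .vir, and only the chrome.manifest inside the live Firefox profile and the contentscript.js inside Chrome's User Data show that the add-on was actually back. The Python below is an added example, not ESET's tooling or anything posted in the thread: it parses the detection lines into path, name and kind, buckets them by where the file lived, and returns only the live ones. Its sample input is constructed from detection lines copied out of the logs above plus two non-detection lines the parser must skip.

```python
"""Sort ESET Online Scanner detections by where the file lived, so that a hit
in a System Restore point or in ComboFix's Qoobox quarantine is not mistaken
for a live reinfection. Added example, not ESET's or the thread's own code."""
import re
from collections import defaultdict

# One detection per line:
#   <path> <name> <trojan|application> (cleaned by deleting - quarantined) <hash> C
# The first scan in this thread printed the action without parentheses, so
# both forms are accepted; an "a variant of" prefix is kept with the name.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:a variant of )?\S+/\S+)\s+"
    r"(?P<kind>trojan|application)\s+"
    r"\(?cleaned by deleting - quarantined\)?"
)

# Constructed sample: six detection lines copied from the logs in this thread
# plus two non-detection lines that the parser must skip.
SAMPLE_LOG = [
    r"ESETSmartInstaller@High as downloader log:",
    r"# found=9",
    r"C:\System Volume Information\_restore{3778D21E-66E0-481E-B958-47E36B70C105}\RP2\A0001389.dll Win32/Adware.SpywareCease application cleaned by deleting - quarantined",
    r"C:\Documents and Settings\Jeff Pierce\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\gpnkidbgkdebflhjeljdimdinaefbcpb\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C",
    r"C:\Qoobox\Quarantine\C\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\extensions\{2b452754-0b13-4bda-9516-bf7350d067a4}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C",
    r"C:\Qoobox\Quarantine\C\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\extensions\{2b452754-0b13-4bda-9516-bf7350d067a4}\chrome\xulcache.jar.vir JS/Agent.NDO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C",
    r"C:\System Volume Information\_restore{3778D21E-66E0-481E-B958-47E36B70C105}\RP13\A0000707.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C",
    r"C:\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\extensions\{83688ebb-bff0-481c-b60d-6fbfa0537456}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C",
]

def classify(path):
    """Bucket a detection by location. Order matters: a quarantined copy of a
    profile file still contains the profile path, so quarantine is tested first."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"       # inert unless that restore point is applied
    if "\\qoobox\\quarantine\\" in p:
        return "tool-quarantine"     # ComboFix's renamed .vir copies, inert
    if "\\mozilla\\firefox\\profiles\\" in p and "\\extensions\\" in p:
        return "firefox-extension"   # loads on the next Firefox start
    if "\\google\\chrome\\user data\\" in p:
        return "chrome-extension"    # loads on the next Chrome start
    return "other"

LIVE = {"firefox-extension", "chrome-extension", "other"}

def parse(lines):
    """Return one dict per detection line; lines that are not detections are skipped."""
    hits = []
    for line in lines:
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append({"path": m["path"], "name": m["name"], "kind": m["kind"],
                         "where": classify(m["path"])})
    return hits

def triage(lines):
    """Group detections by bucket."""
    by_where = defaultdict(list)
    for hit in parse(lines):
        by_where[hit["where"]].append(hit)
    return dict(by_where)

def live_hits(lines):
    """Only the detections that mean the machine was still infected at scan time."""
    return [hit for hit in parse(lines) if hit["where"] in LIVE]

if __name__ == "__main__":
    for where, hits in sorted(triage(SAMPLE_LOG).items()):
        print(f"{where} ({len(hits)})")
        for hit in hits:
            print("   ", hit["name"], "->", hit["path"])
```

Feed it the contents of C:\Program Files\EsetOnlineScanner\log.txt with parse(open(path).read().splitlines()). The "other" bucket is deliberately counted as live: an unfamiliar path is a reason to look, not a reason to dismiss the hit.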

When I just opened Firefox, I was prompted to install the add-on called 'XUL Cache 1.0', which I know is a redirect virus/malware. Every time this pops up, I know I have a problem. I declined to allow the add-on, but it's now listed in my add-ons (see screenshot attached).

Also, Internet Explorer now keeps popping up randomly in a little window to a site called blinkx.com.

I never use IE, only Firefox. So IE opens itself, then goes to blinkx.com.

Looks like I am still having problems, just when I thought things got a lot better.

I'm not getting any redirects (yet) in Firefox, however; it seems normal. Only the other issues noted.

I will await your recommendations.

Jeff



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-11-21 07:53:42

-----------------------------

07:53:42.250 OS Version: Windows 5.1.2600 Service Pack 3

07:53:42.250 Number of processors: 2 586 0xE08

07:53:42.250 ComputerName: JEFFSLAPTOP UserName: Jeff Pierce

07:53:44.031 Initialize success

07:54:35.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

07:54:35.343 Disk 0 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 3

07:54:37.375 Disk 0 MBR read successfully

07:54:37.375 Disk 0 MBR scan

07:54:37.375 Disk 0 Windows XP default MBR code

07:54:37.390 Disk 0 scanning sectors +976768065

07:54:37.500 Disk 0 scanning C:\WINDOWS\system32\drivers

07:54:42.828 Service scanning

07:54:44.734 Modules scanning

07:54:48.937 Disk 0 trace - called modules:

07:54:48.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

07:54:48.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89debab8]

07:54:48.953 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007a[0x89dbbf18]

07:54:48.953 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d55d98]

07:54:48.953 Scan finished successfully

07:55:28.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jeff Pierce\Desktop\MBR.dat"

07:55:28.187 The log file has been saved successfully to "C:\Documents and Settings\Jeff Pierce\Desktop\aswMBR.txt"


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles


OTL logfile created on: 11/21/2011 2:35:06 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jeff Pierce\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.75% Memory free

3.84 Gb Paging File | 3.01 Gb Available in Paging File | 78.40% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.76 Gb Total Space | 346.97 Gb Free Space | 74.49% Space Free | Partition Type: NTFS

Computer Name: JEFFSLAPTOP | User Name: Jeff Pierce | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jeff Pierce\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)

PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)

PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)

PRC - C:\Program Files\TechSmith\Snagit 10\TscHelp.exe (TechSmith Corporation)

PRC - C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe (TechSmith Corporation)

PRC - C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe (TechSmith Corporation)

PRC - C:\Program Files\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)

PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))

PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)

PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)

PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

PRC - C:\WINDOWS\system32\HPZinw12.exe (HP)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)

PRC - C:\WINDOWS\MMKeybd.exe (Netropa Corp.)

PRC - C:\WINDOWS\Nhksrv.exe ()

PRC - C:\Program Files\Netropa\OSD.exe (Netropa Corp.)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files\Trillian\libspeex.dll ()

MOD - C:\Program Files\Trillian\libungif.dll ()

MOD - C:\Program Files\Trillian\zlib1.dll ()

MOD - c:\Program Files\Trillian\languages\en\buddy.dll ()

MOD - c:\Program Files\Trillian\languages\en\talk.dll ()

MOD - c:\Program Files\Trillian\languages\en\trillian.dll ()

MOD - c:\Program Files\Trillian\languages\en\events.dll ()

MOD - c:\Program Files\Trillian\languages\en\toolkit.dll ()

MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

MOD - C:\Program Files\Common Files\Adobe\CS5ServiceManager\zlib1.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()

MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()

MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()

MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()

MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()

MOD - C:\WINDOWS\Nhksrv.exe ()

MOD - C:\WINDOWS\system32\msiosd32.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)

SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)

SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))

SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (Nhksrv) -- C:\WINDOWS\Nhksrv.exe ()

========== Driver Services (SafeList) ==========

DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)

DRV - (Msikbd2k) -- C:\WINDOWS\system32\drivers\Msikbd2k.sys (Netropa Corporation)

DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 68 A4 00 1E 43 45 46 A6 44 89 B7 A6 82 B9 C7 [binary data]

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {eeeeeeee-aaaa-0000-aaaa-000000000000}:3.1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0

FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2

FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: btpersonas@brandthunder.com:1.0.7.3

FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jeff Pierce\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jeff Pierce\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/11/20 09:44:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/11/20 12:39:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 15:32:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/20 16:22:48 | 000,000,000 | ---D | M]

[2011/09/05 18:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Extensions

[2011/11/20 11:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\extensions

[2011/09/05 18:28:57 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\extensions\LogMeInClient@logmein.com

[2011/09/05 18:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\extensions\nostmp

[2011/07/27 10:46:34 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\searchplugins\conduit.xml

[2011/11/20 12:40:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/11/09 15:32:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/11/20 12:40:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEFF PIERCE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MBC75VGW.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEFF PIERCE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MBC75VGW.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEFF PIERCE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MBC75VGW.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI

[2011/11/20 12:39:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/11/09 15:32:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2011/11/20 12:39:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[2011/08/30 14:41:02 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011/08/30 14:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/08/30 14:41:02 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2011/08/30 14:41:02 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2011/11/09 15:32:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2011/08/30 14:41:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2011/08/30 14:41:02 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jeff Pierce\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Jeff Pierce\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jeff Pierce\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jeff Pierce\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/20 11:48:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)

O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe (Netropa Corp.)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 10.lnk = C:\Program Files\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB3BC6B4-427D-4BC5-8DEB-A9829B8F36CD}: DhcpNameServer = 192.168.2.1 192.168.2.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Jeff Pierce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff Pierce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/09/05 16:29:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 13:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Pierce\Desktop\Custom Air Concepts

[2011/11/21 12:35:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2011/11/21 12:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/11/20 12:43:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/11/20 12:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster

[2011/11/20 12:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster

[2011/11/20 12:40:48 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/11/20 12:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/11/20 12:40:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/11/20 12:40:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/11/20 12:40:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/11/20 12:40:06 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2011/11/20 12:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2011/11/20 12:34:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/11/20 12:00:21 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011/11/20 09:19:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer

[2011/11/20 09:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies

[2011/11/20 09:19:14 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll

[2011/11/20 09:19:13 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll

[2011/11/20 09:19:13 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll

[2011/11/20 09:19:13 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe

[2011/11/20 09:19:13 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll

[2011/11/20 09:19:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll

[2011/11/20 09:19:13 | 000,000,000 | ---D | C] -- C:\18be3b853790f54e53

[2011/11/20 09:13:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jeff Pierce\PrivacIE

[2011/11/20 08:59:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jeff Pierce\IETldCache

[2011/11/20 08:47:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2011/11/20 08:47:14 | 011,081,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2011/11/20 08:47:14 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2011/11/20 08:47:14 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2011/11/20 08:47:14 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2011/11/20 08:47:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2011/11/20 08:46:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2011/11/20 08:45:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2011/11/19 22:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2011/11/19 22:34:35 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys

[2011/11/19 22:33:59 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2011/11/19 22:25:50 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2011/11/19 22:25:50 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2011/11/19 22:25:49 | 002,069,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe

[2011/11/19 22:25:49 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe

[2011/11/19 22:21:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2011/11/19 22:21:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$

[2011/11/18 20:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/11/18 20:50:59 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/11/18 08:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Pierce\Desktop\Prestigious Maintenance

[2011/11/15 17:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Pierce\Desktop\Premier Strings

[2011/11/15 16:05:57 | 009,130,808 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Jeff Pierce\Desktop\AppRemover.exe

[2011/11/12 14:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities

[2011/11/12 14:46:49 | 000,163,840 | ---- | C] (Canon, Inc.) -- C:\WINDOWS\System32\CNDUK175.dll

[2011/11/12 14:46:49 | 000,118,867 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK175.dll

[2011/11/12 14:46:48 | 000,094,208 | ---- | C] (Canon, Inc.) -- C:\WINDOWS\System32\CNDCK175.dll

[2011/11/12 14:46:48 | 000,040,960 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNDNDlg.exe

[2011/11/12 14:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Canon

[2011/11/09 22:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/11/09 15:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Pierce\Desktop\PPW NEW WEbsite

[2011/11/08 20:47:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2011/11/08 19:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2011/11/08 19:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/11/08 19:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/11/08 19:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/11/08 18:10:26 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/11/08 18:07:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/11/08 18:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jeff Pierce\Start Menu\Programs\Administrative Tools

[2011/11/08 17:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Pierce\Local Settings\Application Data\NPE

[2011/11/08 17:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2011/11/08 16:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools

[2011/11/08 14:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Pierce\Application Data\Malwarebytes

[2011/11/08 14:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/11/06 08:33:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/11/06 08:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/11/05 06:38:10 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2011/11/05 06:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2011/11/04 12:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Pierce\Application Data\Amazon

[2011/11/04 12:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon

[2011/11/04 12:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon

[2011/11/02 19:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Pierce\Local Settings\Application Data\Akamai

[2011/11/02 13:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Pierce\Desktop\the-bel-air-2-5

[2011/11/01 21:38:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2011/11/01 21:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2011/11/01 21:36:57 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2011/11/01 21:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Pierce\Application Data\Sun

[2011/10/31 09:54:44 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2011/10/31 09:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2011/10/28 12:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Pierce\Desktop\Domers

[2011/10/27 17:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Pierce\My Documents\My Scans

[2011/10/26 17:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Pierce\Application Data\Canneverbe Limited

[2011/10/26 17:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2011/10/26 17:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP

[2011/10/23 09:03:54 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll

[2011/10/23 09:03:42 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui

[2011/10/23 09:03:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2011/10/23 09:03:34 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui

[2011/10/23 09:03:06 | 000,030,592 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll

[2011/10/23 09:03:05 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll

[2011/10/23 09:03:05 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys

[2011/10/23 09:02:50 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll

[2011/10/23 09:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn

[1 C:\Documents and Settings\Jeff Pierce\Desktop\*.tmp files -> C:\Documents and Settings\Jeff Pierce\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/21 13:51:57 | 000,227,727 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Desktop\Property 1.jpg

[2011/11/21 13:48:01 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-261903793-1417001333-1003UA.job

[2011/11/21 13:43:27 | 000,096,138 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Desktop\CAC Biz Card -back.jpg

[2011/11/21 13:34:15 | 000,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI

[2011/11/20 18:52:32 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\Adobe PNG Format CS5 Prefs

[2011/11/20 17:48:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-261903793-1417001333-1003Core.job

[2011/11/20 17:37:46 | 001,427,519 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Desktop\Birth Cert & Court Paperwork.pdf

[2011/11/20 16:27:19 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/11/20 16:27:19 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/11/20 16:22:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/20 16:22:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/11/20 12:43:29 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Desktop\SpywareBlaster.lnk

[2011/11/20 12:40:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/11/20 12:39:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2011/11/20 12:39:51 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/11/20 12:39:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/11/20 12:39:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/11/20 12:39:51 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2011/11/20 11:48:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/11/20 09:52:19 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\bbca99c2

[2011/11/20 09:30:59 | 003,653,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/11/20 09:22:53 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\5b17663d

[2011/11/20 09:07:35 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/11/20 08:59:26 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/11/18 20:51:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/11/18 14:25:30 | 000,080,412 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\My Documents\Database.kdb

[2011/11/18 10:57:02 | 000,987,871 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Desktop\the-bel-air-essential-package.zip

[2011/11/18 08:50:11 | 000,361,955 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Desktop\Sandler Receipt.pdf

[2011/11/16 18:24:34 | 001,119,819 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Desktop\Old_street_by_Universal_Hazard.jpg

[2011/11/16 11:04:36 | 000,153,822 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Desktop\Untitled-1.psd

[2011/11/15 16:06:25 | 009,130,808 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Jeff Pierce\Desktop\AppRemover.exe

[2011/11/15 08:50:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\4cb2ee38

[2011/11/14 09:18:29 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/14 08:46:35 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\Adobe BMP Format CS5 Prefs

[2011/11/08 22:02:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/11/08 18:10:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/11/08 17:56:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2011/11/08 17:26:09 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2011/11/08 16:23:47 | 000,503,894 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB

[2011/11/08 15:58:50 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat

[2011/11/08 15:58:50 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat

[2011/11/05 06:38:10 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2011/10/31 19:24:25 | 000,109,621 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Desktop\PPW Background.jpg

[2011/10/23 09:02:48 | 000,001,024 | ---- | M] () -- C:\.rnd

[1 C:\Documents and Settings\Jeff Pierce\Desktop\*.tmp files -> C:\Documents and Settings\Jeff Pierce\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/21 13:51:56 | 000,227,727 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Desktop\Property 1.jpg

[2011/11/21 13:42:44 | 000,096,138 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Desktop\CAC Biz Card -back.jpg

[2011/11/20 17:37:46 | 001,427,519 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Desktop\Birth Cert & Court Paperwork.pdf

[2011/11/20 12:43:29 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Desktop\SpywareBlaster.lnk

[2011/11/20 08:59:26 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/11/18 20:51:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/11/18 10:57:02 | 000,987,871 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Desktop\the-bel-air-essential-package.zip

[2011/11/18 08:50:11 | 000,361,955 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Desktop\Sandler Receipt.pdf

[2011/11/16 18:24:34 | 001,119,819 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Desktop\Old_street_by_Universal_Hazard.jpg

[2011/11/08 19:41:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/11/08 18:10:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/11/08 18:10:30 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/11/08 17:26:09 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2011/11/08 16:23:44 | 000,503,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB

[2011/11/08 15:54:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat

[2011/11/08 15:54:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat

[2011/11/05 06:33:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Application Data\4cb2ee38

[2011/11/04 17:53:47 | 000,153,822 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Desktop\Untitled-1.psd

[2011/11/04 13:24:54 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Application Data\5b17663d

[2011/11/04 13:18:46 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Application Data\bbca99c2

[2011/11/02 21:30:50 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Application Data\Adobe BMP Format CS5 Prefs

[2011/10/31 17:53:34 | 000,109,621 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Desktop\PPW Background.jpg

[2011/10/26 17:04:31 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk

[2011/10/26 17:04:30 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2011/10/23 09:02:47 | 000,001,024 | ---- | C] () -- C:\.rnd

[2011/10/23 09:02:38 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk

[2011/09/20 21:51:24 | 000,000,274 | ---- | C] () -- C:\WINDOWS\TheMatrix.ini

[2011/09/14 11:18:18 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Application Data\Adobe GIF Format CS5 Prefs

[2011/09/08 22:52:01 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Application Data\Adobe PNG Format CS5 Prefs

[2011/09/07 14:49:08 | 000,000,160 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2011/09/07 14:48:37 | 000,000,734 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2011/09/07 14:35:41 | 000,117,087 | ---- | C] () -- C:\WINDOWS\hpoins11.dat

[2011/09/07 14:35:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2011/09/07 14:35:01 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat

[2011/09/06 16:40:20 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Jeff Pierce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/06 13:18:05 | 000,079,736 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/09/06 08:32:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Nhksrv.exe

[2011/09/06 08:32:46 | 000,000,311 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI

[2011/09/06 08:32:46 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI

[2011/09/06 08:32:44 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2011/09/06 08:32:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll

[2011/09/05 17:45:24 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll

[2011/09/05 17:44:26 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe

[2011/09/05 16:32:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/09/05 16:26:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011/09/05 12:15:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/09/05 12:14:06 | 003,653,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/04/14 00:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006/12/31 02:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001/08/23 07:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/08/23 07:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/10/26 17:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2011/09/06 20:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite

[2011/11/06 08:33:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/11/08 17:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2011/11/21 07:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2011/11/11 10:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/09/13 22:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2011/09/06 08:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith

[2011/11/20 12:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/09/05 19:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2011/09/05 23:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/11/04 12:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Pierce\Application Data\Amazon

[2011/10/26 17:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Pierce\Application Data\Canneverbe Limited

[2011/09/12 19:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Pierce\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/11/21 13:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Pierce\Application Data\FileZilla

[2011/09/06 12:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Pierce\Application Data\KeePass

[2011/09/06 21:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Pierce\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2011/09/06 14:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Pierce\Application Data\Trillian

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

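Editor's note, added to this thread and not part of Jeff's post or of OTL itself: logs this long are easier to work through with a small script than by eye. The Python below parses OTL's file-listing lines (the `[date | size | attrs | C/M] (company) -- path` form) and the `@Alternate Data Stream` lines, then applies three triage rules a responder would start with on a log like the one above: an alternate data stream on a folder or file, a tiny extension-less file with a random-looking 8-hex-character name inside a user's Application Data (the `bbca99c2`, `5b17663d`, `4cb2ee38` entries), and executable code that OTL lists with no company name. The sample text embedded in the script is constructed from a handful of lines copied in form from the log above so it runs offline; the rules are my own prioritisation heuristics, not OTL's, and a hit means "look at this next", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in OTL's file-listing syntax, modelled on the log above and
# embedded here so the script runs offline. Paths are copied from the post;
# nothing here is a verdict on those files.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2011/11/20 12:40:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/20 09:52:19 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\bbca99c2
[2011/11/20 09:22:53 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\5b17663d
[2011/11/15 08:50:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\4cb2ee38
[2011/11/21 13:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Pierce\Desktop\Custom Air Concepts
[2011/11/12 14:46:49 | 000,118,867 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK175.dll
[2011/09/06 08:32:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2011/11/18 14:25:30 | 000,080,412 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\My Documents\Database.kdb
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
"""

# One OTL file/folder line: [timestamp | size | attrs | C or M] (company) -- path
# Directories carry no "(company)" part; files with no company show "()" or "( )".
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")          # names like bbca99c2
CODE_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")


@dataclass
class Entry:
    path: str
    size: int
    is_dir: bool
    company: Optional[str]          # None for directories, "" when OTL printed "()" or "( )"
    ads_bytes: Optional[int] = None  # set only for @Alternate Data Stream lines


def parse_otl(text: str) -> List[Entry]:
    """Turn OTL file-listing and ADS lines into Entry records; other lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            company = m.group("company")
            entries.append(Entry(
                path=m.group("path"),
                size=int(m.group("size").replace(",", "")),
                is_dir="D" in m.group("attr"),
                company=None if company is None else company.strip(),
            ))
            continue
        m = ADS_RE.match(line)
        if m:
            size = int(m.group("bytes"))
            entries.append(Entry(path=m.group("path"), size=size, is_dir=False,
                                 company=None, ads_bytes=size))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a closer look, in log order."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1]
        if e.ads_bytes is not None:
            findings.append((e.path, "alternate data stream: dump the stream and inspect it"))
            continue
        if e.is_dir:
            continue
        # Heuristic: a near-empty, extension-less file with a random-looking hex name
        # inside a user's Application Data has no obvious owner and should be explained.
        if "\\Application Data\\" in e.path and HEX_NAME.match(name) and e.size < 1024:
            findings.append((e.path, "tiny extension-less hex-named file in user profile: identify its owner"))
        # Heuristic: executable code OTL could not attribute to a vendor; check hash/signature.
        elif name.lower().endswith(CODE_EXT) and e.company == "":
            findings.append((e.path, "executable code with no company name: verify hash and signature"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_otl(SAMPLE_LOG)):
        print(f"{reason:<70} {path}")
```

On the real log, feed the whole OTL.txt in instead of `SAMPLE_LOG`; the legitimate no-company-name binaries (driver helpers, OEM utilities) fall out quickly once their hashes are checked, and what remains is the short list to pull for analysis.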

OTL Extras logfile created on: 11/21/2011 2:35:06 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jeff Pierce\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.75% Memory free

3.84 Gb Paging File | 3.01 Gb Available in Paging File | 78.40% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.76 Gb Total Space | 346.97 Gb Free Space | 74.49% Space Free | Partition Type: NTFS

Computer Name: JEFFSLAPTOP | User Name: Jeff Pierce | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\Mozilla Firefox\plugin-container.exe" = C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox -- (Mozilla Corporation)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{23FBECC1-FA31-472A-83FB-27520B81EC3A}_is1" = TheMatrix Screen Saver version 1.14

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{B3B4CD34-6C20-4b28-A231-FEC55B42C579}" = c6100_Help

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C8574AE5-370F-4246-A301-B85A2CC89A5E}" = C6100

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86

"{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}" = LogMeIn

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon Camera WIA Driver

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12

"Carbonite Backup" = Carbonite

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"ENTERPRISE" = Microsoft Office Enterprise 2007

"FileZilla Client" = FileZilla Client 3.5.1

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"ie8" = Windows Internet Explorer 8

"InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon EOS 20D WIA Driver

"KeePass Password Safe_is1" = KeePass Password Safe 1.20

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)

"Picasa 3" = Picasa 3

"ProInst" = Intel® PROSet/Wireless Software

"SpywareBlaster_is1" = SpywareBlaster 4.4

"Trillian" = Trillian

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/21/2011 10:35:50 AM | Computer Name = JEFFSLAPTOP | Source = VSS | ID = 12292

Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider

COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error - 11/21/2011 10:41:21 AM | Computer Name = JEFFSLAPTOP | Source = COM+ | ID = 135761

Description = The run-time environment has detected an inconsistency in its internal

state. This indicates a potential instability in the process that could be caused

by the custom components running in the COM+ application, the components they make

use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),

hr = 80070424: InitEventCollector fail

Error - 11/21/2011 11:56:37 AM | Computer Name = JEFFSLAPTOP | Source = COM+ | ID = 135761

Description = The run-time environment has detected an inconsistency in its internal

state. This indicates a potential instability in the process that could be caused

by the custom components running in the COM+ application, the components they make

use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),

hr = 80070424: InitEventCollector fail

Error - 11/21/2011 11:56:37 AM | Computer Name = JEFFSLAPTOP | Source = VSS | ID = 12292

Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider

COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error - 11/21/2011 12:11:43 PM | Computer Name = JEFFSLAPTOP | Source = COM+ | ID = 135761

Description = The run-time environment has detected an inconsistency in its internal

state. This indicates a potential instability in the process that could be caused

by the custom components running in the COM+ application, the components they make

use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),

hr = 80070424: InitEventCollector fail

Error - 11/21/2011 12:11:43 PM | Computer Name = JEFFSLAPTOP | Source = VSS | ID = 12292

Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider

COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error - 11/21/2011 12:31:45 PM | Computer Name = JEFFSLAPTOP | Source = COM+ | ID = 135761

Description = The run-time environment has detected an inconsistency in its internal

state. This indicates a potential instability in the process that could be caused

by the custom components running in the COM+ application, the components they make

use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),

hr = 80070424: InitEventCollector fail

Error - 11/21/2011 12:31:45 PM | Computer Name = JEFFSLAPTOP | Source = VSS | ID = 12292

Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider

COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error - 11/21/2011 12:34:22 PM | Computer Name = JEFFSLAPTOP | Source = COM+ | ID = 135761

Description = The run-time environment has detected an inconsistency in its internal

state. This indicates a potential instability in the process that could be caused

by the custom components running in the COM+ application, the components they make

use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),

hr = 80070424: InitEventCollector fail

Error - 11/21/2011 12:34:22 PM | Computer Name = JEFFSLAPTOP | Source = VSS | ID = 12292

Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider

COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

[ OSession Events ]

Error - 9/18/2011 2:40:43 PM | Computer Name = JEFFSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 54 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/18/2011 2:40:49 PM | Computer Name = JEFFSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/18/2011 10:33:12 PM | Computer Name = JEFFSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/18/2011 10:33:19 PM | Computer Name = JEFFSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/18/2011 10:33:23 PM | Computer Name = JEFFSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/18/2011 10:37:02 PM | Computer Name = JEFFSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/18/2011 10:37:49 PM | Computer Name = JEFFSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 38 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/18/2011 10:39:24 PM | Computer Name = JEFFSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 32 seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/3/2011 8:05:25 AM | Computer Name = JEFFSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 48644

seconds with 420 seconds of active time. This session ended with a crash.

Error - 11/11/2011 1:00:48 AM | Computer Name = JEFFSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 19092

seconds with 780 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 11/20/2011 7:48:30 PM | Computer Name = JEFFSLAPTOP | Source = Service Control Manager | ID = 7034

Description = The MS Software Shadow Copy Provider service terminated unexpectedly.

It has done this 15 time(s).

Error - 11/20/2011 7:52:33 PM | Computer Name = JEFFSLAPTOP | Source = Service Control Manager | ID = 7034

Description = The MS Software Shadow Copy Provider service terminated unexpectedly.

It has done this 16 time(s).

Error - 11/20/2011 9:12:09 PM | Computer Name = JEFFSLAPTOP | Source = Service Control Manager | ID = 7034

Description = The MS Software Shadow Copy Provider service terminated unexpectedly.

It has done this 33 time(s).

Error - 11/20/2011 11:09:11 PM | Computer Name = JEFFSLAPTOP | Source = Service Control Manager | ID = 7034

Description = The MS Software Shadow Copy Provider service terminated unexpectedly.

It has done this 56 time(s).

Error - 11/21/2011 8:57:41 AM | Computer Name = JEFFSLAPTOP | Source = Service Control Manager | ID = 7034

Description = The MS Software Shadow Copy Provider service terminated unexpectedly.

It has done this 66 time(s).

Error - 11/21/2011 9:02:43 AM | Computer Name = JEFFSLAPTOP | Source = Service Control Manager | ID = 7034

Description = The MS Software Shadow Copy Provider service terminated unexpectedly.

It has done this 67 time(s).

Error - 11/21/2011 9:08:21 AM | Computer Name = JEFFSLAPTOP | Source = Service Control Manager | ID = 7034

Description = The MS Software Shadow Copy Provider service terminated unexpectedly.

It has done this 68 time(s).

Error - 11/21/2011 10:41:21 AM | Computer Name = JEFFSLAPTOP | Source = Service Control Manager | ID = 7034

Description = The MS Software Shadow Copy Provider service terminated unexpectedly.

It has done this 76 time(s).

Error - 11/21/2011 10:45:07 AM | Computer Name = JEFFSLAPTOP | Source = Service Control Manager | ID = 7034

Description = The MS Software Shadow Copy Provider service terminated unexpectedly.

It has done this 77 time(s).

Error - 11/21/2011 12:11:43 PM | Computer Name = JEFFSLAPTOP | Source = Service Control Manager | ID = 7034

Description = The MS Software Shadow Copy Provider service terminated unexpectedly.

It has done this 81 time(s).

< End of report >


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
[2011/07/27 10:46:34 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\searchplugins\conduit.xml
[2011/11/20 09:52:19 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\bbca99c2
[2011/11/20 09:22:53 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\5b17663d
[2011/11/15 08:50:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\4cb2ee38
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

:Commands
[emptytemp]
[clearallrestorepoints]
[createrestorepoint]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.
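The OTL fix above targets three kinds of indicator the helper picked out of the earlier scan: Firefox search/extension preferences pointing at an unwanted search bar, tiny files with random hex names dropped directly into the user's Application Data folder, and an alternate data stream on a file in the All Users TEMP folder. The following triage script is an added example, not part of this thread and not code from the OTL tool; it parses lines written in OTL's file, ADS and prefs.js formats and flags those three patterns so a reader can run the same check over a full OTL listing. The sample lines are constructed from the script above plus one benign line for contrast, the regular expressions are this example's own reading of the line formats, and the "exactly eight lowercase hex characters" rule for random names is a heuristic assumed here, not an OTL feature.

```python
"""Triage OTL-style file, ADS and prefs.js lines for the indicators the thread's fix script targeted."""
import re

# Constructed sample: the indicator lines from the OTL fix script, plus one benign file line.
SAMPLE_OTL_LINES = [
    r'FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"',
    r'FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2',
    r'[2011/07/27 10:46:34 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\searchplugins\conduit.xml',
    r'[2011/11/20 09:52:19 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\bbca99c2',
    r'[2011/11/20 09:22:53 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\5b17663d',
    r'[2011/11/15 08:50:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jeff Pierce\Application Data\4cb2ee38',
    r'@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34',
    # Constructed benign line with the same shape, to show it is not flagged:
    r'[2011/11/01 12:00:00 | 000,012,345 | ---- | M] (Example Vendor) -- C:\Program Files\Example\readme.txt',
]

# Line formats as they appear in the OTL output above (this example's own reading of them).
FILE_RE = re.compile(
    r'^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| (\S{4}) \| ([A-Z])\] \((.*?)\) -- (.+)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')
PREFS_RE = re.compile(r'^FF - prefs\.js\.\.([\w.]+): (.+)$')

# Heuristic (assumption of this example): a bare 8-character lowercase hex file name is "random-looking".
RANDOM_NAME_RE = re.compile(r'^[0-9a-f]{8}$')


def parse_otl_line(line):
    """Classify one OTL line; return a dict describing it, or None if it is not an indicator line."""
    m = FILE_RE.match(line)
    if m:
        timestamp, size, attrs, stamp, company, path = m.groups()
        return {"kind": "file", "timestamp": timestamp, "size": int(size.replace(",", "")),
                "attrs": attrs, "stamp": stamp, "company": company, "path": path}
    m = ADS_RE.match(line)
    if m:
        return {"kind": "ads", "size": int(m.group(1)), "path": m.group(2), "stream": m.group(3)}
    m = PREFS_RE.match(line)
    if m:
        return {"kind": "prefs", "key": m.group(1), "value": m.group(2)}
    return None


def is_random_appdata_file(entry):
    """True when a file entry sits directly in an 'Application Data' folder under a random-looking name."""
    parent, _, name = entry["path"].rpartition("\\")
    return parent.lower().endswith("\\application data") and RANDOM_NAME_RE.fullmatch(name) is not None


def triage(lines):
    """Return (reason, detail) pairs for lines matching the three indicator patterns."""
    findings = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None:
            continue
        if entry["kind"] == "file" and is_random_appdata_file(entry):
            findings.append(("random-named file in Application Data", entry["path"]))
        elif entry["kind"] == "ads":
            # Any ADS on a temp/data file is worth a look; OTL reports the stream name after the colon.
            findings.append(("alternate data stream", entry["path"] + ":" + entry["stream"]))
        elif entry["kind"] == "prefs" and entry["key"].startswith(("browser.search.", "extensions.enabledItems")):
            findings.append(("Firefox search/extension setting", entry["key"] + " = " + entry["value"]))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_OTL_LINES):
        print(f"{reason}: {detail}")
```

On the sample input the script reports the two prefs.js entries, the three random-named Application Data files and the TEMP alternate data stream, and stays silent on the vendor-signed readme line. The conduit.xml search plugin is parsed but not flagged, because a search plugin file under a Firefox profile needs the prefs.js context to judge; the point is that the three rules above are the mechanical part of the helper's triage, while matching a search plugin to the preference that references it still takes a human look.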


All processes killed

========== OTL ==========

Prefs.js: "WhiteSmoke Bar Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems

Prefs.js: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 removed from extensions.enabledItems

C:\Documents and Settings\Jeff Pierce\Application Data\Mozilla\Firefox\Profiles\mbc75vgw.default\searchplugins\conduit.xml moved successfully.

C:\Documents and Settings\Jeff Pierce\Application Data\bbca99c2 moved successfully.

C:\Documents and Settings\Jeff Pierce\Application Data\5b17663d moved successfully.

C:\Documents and Settings\Jeff Pierce\Application Data\4cb2ee38 moved successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Jeff Pierce

->Temp folder emptied: 16348999 bytes

->Temporary Internet Files folder emptied: 10287300 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 136094305 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 4084 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 33251 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 42164505 bytes

Total Files Cleaned = 195.00 mb

Restore points cleared and new OTL Restore Point set!

Error starting restore point: System Restore is disabled.

Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.31.0 log created on 11212011_193206

Files\Folders moved on Reboot...

C:\WINDOWS\temp\Perflib_Perfdata_a6c.dat moved successfully.

Registry entries deleted on Reboot...
