Email hijacked - possibly from this computer

  1. #1
    Join Date
    Jul 2008
    Posts
    30

    Email hijacked - possibly from this computer

    This computer has had issues anyway, running slowly, etc. but yesterday my husband's email account was hijacked and everyone he had ever emailed got a sob story about how he was stranded in the UK and needed money, and please send, and he would pay them back in a few days....he promised.

    When I tried to log into my yahoo account, I didn't see my signin page with appropriate 'seal' so I figured the hijack came from this computer.

    I'll post all the logs, but one extra detail. I have an external hard-drive. Didn't want to scan that, so did malwarebytes Quick scan, then rebooted, then disconnected hard-drive (which rebooted Windows for some reason -- I know I should have disconnected before the malwarebytes scan, but didn't, and didn't rescan -- just thought you should know), then continued with the gmer and dds.

    Anyway, here it all is...I thought you wanted these logs posted in-line, but they're too big, so I'll attach. Thanks so much for your help...I think it's quite a mess.

  2. #2
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please, paste all logs into your post, as the instructions say.

  3. #3
    Join Date
    Jul 2008
    Posts
    30

    OK, I'll add as separate replies -- still had to delete some stuff

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4396

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.11

    8/5/2010 7:01:27 PM
    mbam-log-2010-08-05 (19-01-27).txt

    Scan type: Quick scan
    Objects scanned: 204872
    Time elapsed: 44 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 16
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 37
    Files Infected: 488

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\asd3.testmyie2 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asd3.testmyie2.1 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3f143c3a-1457-6cca-03a7-7aa23b61e40f} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Cydoor Services (AdWare.Cydoor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Cydoor (AdWare.Cydoor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\DownloadWare (Adware.DownloadWare) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownloadWare (Adware.DownloadWare) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenU) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{3f143c3a-1457-6cca-03a7-7aa23b61e40f} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\Eric\Application Data\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\HostOI (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\HostOI\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\HostOI\static (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\HostOL (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\HostOL\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\HostOL\static (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\dynamic\Tooltip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\static (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\HostOI (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\HostOI\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\HostOI\static (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\HostOL (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\HostOL\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\HostOL\static (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\dynamic\Tooltip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\static (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\AdCache (AdWare.Cydoor) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-2527948133-1975315110-1187317151-1007\Dc9.tmp (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\dynamic\1005433.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055563.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055639.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055780.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.

    ... Still too long...all Adware.Hotbar stuff deleted the rest. Let me know if you want it.


    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\static\2\samplegroups2.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eric\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\reports.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\IESkins\EZbar.bmp (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055547.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055556.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055563.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055780.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\dynamic\1070500.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeremy\Application Data\Hotbar\v3.0\Hotbar\dynamic\1141546.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.


    ... Same for this user

  4. #4
    Join Date
    Jul 2008
    Posts
    30
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-05 21:40:33
    Windows 5.1.2600 Service Pack 2
    Running: 3ug03x4c.exe; Driver: C:\DOCUME~1\Steph\LOCALS~1\Temp\fwtdqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF590BD98]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF590BCB8]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.) ZwDeleteKey [0xF5AE0B10]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF590C12A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF590B8AA]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.) ZwLoadKey [0xF5AE0B90]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF590BD2E]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.) ZwOpenProcess [0xF5AE04C0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF590B83C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF590BE42]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.) ZwReplaceKey [0xF5AE0C40]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF590BE02]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF590BF84]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7143340, 0x121A5F, 0xF8000020]
    .text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x25BA81, 0xF8000020]
    init C:\WINDOWS\System32\drivers\vnxtcp.sys entry point in "init" section [0xF3A28338]
    init C:\WINDOWS\System32\drivers\HPFECP20.SYS entry point in "init" section [0xF2884080]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F5AD1570] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F5AD1780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F5AD18C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F5AD16B0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F5AD16B0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F5AD1570] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F5AD1780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F5AD18C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F5AD1570] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F5AD18C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F5AD1780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F5AD16B0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F5AD18C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F5AD1780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F5AD1570] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F5AEB650] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F5AD16B0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F5AD1570] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F5AD1780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F5AD18C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F5AD1570] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F5AD16B0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F5AD18C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F5AD1780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[864] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
    IAT C:\WINDOWS\system32\services.exe[864] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip vnxtcp.sys

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp vnxtcp.sys

    Device \Driver\GTNDIS5 \Device\GTNDIS5 F0F6C546
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp vnxtcp.sys

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp vnxtcp.sys

    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    Device \Driver\aswRdr \Device\ASWRDR F0E29314
    Device \Driver\aswRdr \Device\AswRdrTcpFilter F0E29314
    Device \FileSystem\Fastfat \Fat F0C65C8A

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- EOF - GMER 1.0.15 ----

  5. #5
    Join Date
    Jul 2008
    Posts
    30
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Steph at 21:52:43.54 on Thu 08/05/2010
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.373 [GMT -7:00]

    AV: avast! antivirus 4.8.1169 [VPS 100731-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\vnxserv.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\PestPatrol\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AIM95\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\temp\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [AIM] c:\program files\aim95\aim.exe -cnetwait.odl
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
    mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
    mRun: [sr1exe] "c:\documents and settings\all users\application data\dell\alert\252\updtSup3.exe"
    mRun: [PestPatrol Control Center] c:\program files\pestpatrol\PPControl.exe
    mRun: [PPMemCheck] c:\progra~1\pestpa~1\PPMemCheck.exe
    mRun: [CookiePatrol] c:\progra~1\pestpa~1\CookiePatrol.exe
    mRun: [nwiz] nwiz.exe /install
    mRun: [wcmdmgr] c:\windows\wt\updater\wcmdmgrl.exe -launch
    mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [ViewMgr] c:\program files\viewpoint\viewpoint manager\ViewMgr.exe
    mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
    mRun: [<NO NAME>]
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: <NO NAME> =
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.dotphoto.com/DPImageUploader.cab
    DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - hxxp://install.wildtangent.com/bgn/partners/aolim/install.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Hosts: 192.168.235.231 hpux03.taliantsoftware.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\steph\applic~1\mozilla\firefox\profiles\p2qr9d98.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("advanced.always_load_images", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.version",
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.build_id",
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.severity", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-15 75856]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-12-19 266328]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-15 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2005-8-21 144760]
    R2 VnxTcp;VnxTcp;c:\windows\system32\drivers\vnxtcp.sys [2003-6-8 148240]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R2 WUSB54GSSVC;WUSB54GSSVC;c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [2005-6-3 41025]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2005-8-21 247160]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2005-8-21 345464]
    S2 gupdate1ca0a7b7444df2a;Google Update Service (gupdate1ca0a7b7444df2a);c:\program files\google\update\GoogleUpdate.exe [2009-7-21 133104]

    =============== Created Last 30 ================

    2010-08-06 04:52:18 525824 ----a-w- c:\temp\dds.scr
    2010-08-06 02:09:25 293376 ----a-w- c:\temp\3ug03x4c.exe
    2010-08-06 01:13:29 0 d-----w- c:\docume~1\steph\applic~1\Malwarebytes
    2010-08-06 01:13:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-06 01:13:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-08-06 01:13:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-06 01:13:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-06 01:11:53 6153352 ----a-w- c:\temp\mbam-setup-1.46.exe
    2010-07-16 05:15:33 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

    ==================== Find3M ====================

    2004-03-05 03:00:15 1653 -c--a-w- c:\program files\INSTALL.LOG
    2003-11-19 06:44:02 60100 -c--a-w- c:\program files\message.wav
    2003-11-19 06:29:50 735 -c--a-w- c:\program files\Readme.txt
    2003-11-19 05:07:06 2748416 -c--a-w- c:\program files\slsk.exe

    ============= FINISH: 21:53:42.96 ===============

  6. #6
    Join Date
    Jul 2008
    Posts
    30
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/25/2003 10:20:02 PM
    System Uptime: 8/5/2010 9:44:18 PM (0 hours ago)

    Motherboard: Dell Computer Corp. | |
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2392/533mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 28 GiB total, 5.019 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Parallel Device
    Device ID: ROOT\LEGACY_HPFECP20\0000
    Manufacturer:
    Name: Parallel Device
    PNP Device ID: ROOT\LEGACY_HPFECP20\0000
    Service: HPFECP20

    ==== System Restore Points ===================

    RP2225: 6/6/2010 11:57:33 PM - System Checkpoint
    RP2226: 6/8/2010 12:01:40 AM - System Checkpoint
    RP2227: 6/9/2010 12:19:12 AM - System Checkpoint
    RP2228: 6/10/2010 1:04:21 AM - System Checkpoint
    RP2229: 6/13/2010 1:57:49 PM - System Checkpoint
    RP2230: 6/14/2010 7:52:16 AM - Software Distribution Service 3.0
    RP2231: 6/15/2010 9:44:24 AM - System Checkpoint
    RP2232: 6/16/2010 12:03:38 PM - System Checkpoint
    RP2233: 6/17/2010 7:46:10 PM - System Checkpoint
    RP2234: 6/18/2010 8:01:23 PM - System Checkpoint
    RP2235: 6/20/2010 12:08:28 AM - System Checkpoint
    RP2236: 6/21/2010 12:54:46 AM - System Checkpoint
    RP2237: 6/22/2010 12:56:53 AM - System Checkpoint
    RP2238: 6/23/2010 1:56:52 AM - System Checkpoint
    RP2239: 6/23/2010 9:08:33 AM - Software Distribution Service 3.0
    RP2240: 6/24/2010 6:23:28 PM - System Checkpoint
    RP2241: 6/25/2010 7:05:35 PM - System Checkpoint
    RP2242: 6/26/2010 8:05:35 PM - System Checkpoint
    RP2243: 6/27/2010 8:15:25 PM - System Checkpoint
    RP2244: 7/3/2010 6:50:30 AM - System Checkpoint
    RP2245: 7/4/2010 7:23:59 AM - System Checkpoint
    RP2246: 7/5/2010 11:52:34 AM - System Checkpoint
    RP2247: 7/6/2010 12:43:29 PM - System Checkpoint
    RP2248: 7/7/2010 12:46:07 PM - System Checkpoint
    RP2249: 7/8/2010 12:47:13 PM - System Checkpoint
    RP2250: 7/9/2010 1:46:11 PM - System Checkpoint
    RP2251: 7/10/2010 2:07:23 PM - System Checkpoint
    RP2252: 7/11/2010 3:07:23 PM - System Checkpoint
    RP2253: 7/13/2010 7:41:39 AM - System Checkpoint
    RP2254: 7/15/2010 6:18:50 PM - System Checkpoint
    RP2255: 7/15/2010 10:47:07 PM - Software Distribution Service 3.0
    RP2256: 7/16/2010 11:17:49 PM - System Checkpoint
    RP2257: 7/18/2010 8:32:44 AM - System Checkpoint
    RP2258: 7/19/2010 9:09:41 AM - System Checkpoint
    RP2259: 7/21/2010 8:16:25 AM - System Checkpoint
    RP2260: 7/23/2010 8:18:37 AM - System Checkpoint
    RP2261: 7/24/2010 9:18:55 AM - System Checkpoint
    RP2262: 7/27/2010 7:01:21 PM - System Checkpoint
    RP2263: 7/28/2010 8:04:32 PM - System Checkpoint
    RP2264: 7/30/2010 7:29:08 AM - System Checkpoint
    RP2265: 7/31/2010 8:24:16 AM - System Checkpoint
    RP2266: 8/1/2010 1:41:07 PM - System Checkpoint
    RP2267: 8/2/2010 2:08:58 PM - System Checkpoint
    RP2268: 8/3/2010 2:56:57 PM - System Checkpoint
    RP2269: 8/5/2010 5:28:16 PM - System Checkpoint

    ==== Installed Programs ======================


    32 Bit HP CIO Components Installer
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.1.0
    Adobe® Photoshop® Album Starter Edition 3.0
    AIO_Scan
    AnswerWorks 4.0 Runtime - English
    AOL Instant Messenger
    Apple Mobile Device Support
    Apple Software Update
    Ares 1.9.0
    avast! Antivirus
    Banctec Service Agreement
    Bonjour
    BufferChm
    Camera Window
    Canon Camera Window for ZoomBrowser EX
    Canon PhotoRecord
    Canon Utilities File Viewer Utility 1.2
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RemoteCapture 2.7
    Canon Utilities ZoomBrowser EX
    Comcast High-Speed Internet Install Wizard
    Copy
    CustomerResearchQFolder
    Dell Digital Jukebox Driver
    Dell File Manager
    Dell Picture Studio - Dell Image Expert
    Dell Solution Center
    Dell Support
    Desktop Doctor
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DJ_AIO_ProductContext
    DJ_AIO_Software
    DJ_AIO_Software_min
    Easy CD Creator 5 Basic
    ESPNMotion
    eSupportQFolder
    F4100
    F4100_Help
    FeedReader
    File Viewer Utility 1.2
    Google Chrome
    Google Update Helper
    Google Updater
    Google Video Player
    GoToMeeting/GoToWebinar 3.0.0.198
    Help and Support Customization
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 8.0
    HP DeskJet 610C Series (Remove only)
    HP Deskjet All-In-One Software 8.0
    HP Imaging Device Functions 8.0
    HP Photosmart Essential
    HP Product Assistant
    HP Solution Center 8.0
    HP Update
    HPProductAssistant
    HPSSupply
    Intel(R) PRO Ethernet Adapter and Software
    Intel(R) PROSet II
    iPod for Windows 2005-02-22
    iPod for Windows 2005-10-12
    iSEEK AnswerWorks English Runtime
    iTunes
    Java(TM) 6 Update 16
    Java(TM) SE Runtime Environment 6 Update 1
    Kazaa Media Desktop 2.1
    KODAK EASYSHARE Gallery Upload ActiveX Control
    Linksys Wireless-G USB Network Adapter
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee.com SecurityCenter
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Data Access Components KB870669
    Microsoft IntelliType Pro 5.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Standard
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Silverlight
    Mozilla Firefox (1.0)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    MySQL Connector/ODBC 3.51
    Network Essentials
    Network Play System (Patching)
    Nolo's Will Forms
    NVIDIA Windows 2000/XP Display Drivers
    Paint Shop Pro 7
    Pdf995
    PhotoStitch
    QuickTime
    RemoteCapture 2.7.0
    Scan
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)

    (to be continued)

  7. #7
    Join Date
    Jul 2008
    Posts
    30
    (remainder of attach.txt)

    Shockwave
    SolutionCenter
    Soulseek Client 152
    Sound Blaster Live!
    Status
    TaxCut Premium 2006
    Titanic
    Toolbox
    TrayApp
    TurboTax 2009
    TurboTax 2009 wcaiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax Deluxe 2007
    Uniblue DriverScanner
    Uniblue SpeedUpMyPC 3
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    VSClient
    WebFldrs XP
    WebReg
    WildTangent Multiplayer Library
    WildTangent Updater
    WildTangent Web Driver
    Winamp3 (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinFF 1.1
    Yahoo! Install Manager
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    8/5/2010 7:15:00 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    8/5/2010 7:07:18 PM, error: DCOM [10005] - DCOM got error "&#37;1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    8/5/2010 7:07:18 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    8/5/2010 7:07:18 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/5/2010 7:07:18 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    8/5/2010 5:14:24 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    8/1/2010 1:20:08 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    8/1/2010 1:20:08 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
    8/1/2010 1:19:41 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    7/31/2010 4:48:24 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    ==== End Of File ===========================

  8. #8
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  9. #9
    Join Date
    Jul 2008
    Posts
    30

    ComboFix log

    ComboFix 10-08-06.01 - Steph 08/06/2010 16:14:02.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.377 [GMT -7:00]
    Running from: c:\documents and settings\Steph\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1169 [VPS 100731-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Steph\g2mdlhlpx.exe
    c:\program files\INSTALL.LOG
    c:\windows\Readme.txt
    c:\windows\system32\Data

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
    .

    2010-08-06 04:52 . 2010-08-06 04:52 525824 ----a-w- c:\temp\dds.scr
    2010-08-06 02:09 . 2010-08-06 02:09 293376 ----a-w- c:\temp\3ug03x4c.exe
    2010-08-06 01:13 . 2010-08-06 01:13 -------- d-----w- c:\documents and settings\Steph\Application Data\Malwarebytes
    2010-08-06 01:13 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-06 01:13 . 2010-08-06 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-06 01:13 . 2010-08-06 01:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-06 01:13 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-06 01:11 . 2010-08-06 01:11 6153352 ----a-w- c:\temp\mbam-setup-1.46.exe
    2010-07-16 05:15 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-06 15:22 . 2003-11-26 05:41 -------- d-----w- c:\program files\PestPatrol
    2010-08-06 04:45 . 2008-06-23 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-08-06 02:18 . 2010-08-06 02:20 17408 ----a-w- c:\windows\Internet Logs\xDB10B.tmp
    2010-08-06 02:17 . 2010-08-06 02:20 5032448 ----a-w- c:\windows\Internet Logs\xDB10A.tmp
    2010-08-06 02:10 . 2010-08-06 02:15 2670592 ----a-w- c:\windows\Internet Logs\xDB109.tmp
    2010-08-06 02:08 . 2010-08-06 02:15 5032448 ----a-w- c:\windows\Internet Logs\xDB108.tmp
    2010-06-20 01:24 . 2010-06-18 20:53 -------- d-----w- c:\program files\Catan GmbH
    2010-06-14 14:30 . 2002-08-29 11:00 743936 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
    2010-06-08 15:49 . 2010-06-09 02:11 4993536 ----a-w- c:\windows\Internet Logs\xDB107.tmp
    2003-11-19 06:44 . 2003-11-19 06:44 60100 -c--a-w- c:\program files\message.wav
    2003-11-19 06:29 . 2003-11-19 06:29 735 -c--a-w- c:\program files\Readme.txt
    2003-11-19 05:07 . 2003-11-19 05:07 2748416 -c--a-w- c:\program files\slsk.exe
    2004-11-07 20:57 . 2004-11-19 04:40 41571 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2004-11-07 20:57 . 2004-11-19 04:40 48221 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2004-11-07 20:57 . 2004-11-19 04:40 158821 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AIM"="c:\program files\AIM95\aim.exe" [2006-08-01 67112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
    "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
    "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2002-12-03 212992]
    "sr1exe"="c:\documents and settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe" [2003-05-15 106496]
    "PestPatrol Control Center"="c:\program files\PestPatrol\PPControl.exe" [2003-03-27 53248]
    "PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480]
    "CookiePatrol"="c:\progra~1\PESTPA~1\CookiePatrol.exe" [2003-05-30 69632]
    "nwiz"="nwiz.exe" [2003-10-06 741376]
    "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-06-16 697624]
    "ViewMgr"="c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2004-04-19 102400]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]

    c:\documents and settings\Eric\Start Menu\Programs\Startup\
    Epson.lnk - c:\windows\RUNEPSON.EXE [2003-3-26 51712]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    1 [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-06-07 06:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
    2004-08-26 01:08 253952 -c--a-w- c:\program files\DIGStream\digstream.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-07-13 21:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    2002-09-07 00:15 192512 -c--a-w- c:\program files\McAfee.com\Agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    2002-09-04 16:28 151552 -c--a-w- c:\progra~1\McAfee.com\Agent\mcupdate.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\slsk.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\AIM95\\aim.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [4/15/2008 5:47 PM 75856]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [4/15/2008 5:47 PM 20560]
    R2 VnxTcp;VnxTcp;c:\windows\SYSTEM32\DRIVERS\vnxtcp.sys [6/8/2003 3:59 PM 148240]
    R2 WUSB54GSSVC;WUSB54GSSVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [6/3/2005 9:59 PM 41025]
    S2 gupdate1ca0a7b7444df2a;Google Update Service (gupdate1ca0a7b7444df2a);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2009 8:20 PM 133104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-08-06 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-23 01:51]

    2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0cb34deaa536.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 03:20]

    2003-03-26 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 07:56]

    2010-08-06 c:\windows\Tasks\McAfee.com Update Check (D8SQPG21-Owner).job
    - c:\progra~1\McAfee.com\Agent\mcupdate.exe [2003-02-26 16:28]

    2010-08-06 c:\windows\Tasks\McAfee.com Update Check (GEORGE-Default).job
    - c:\progra~1\McAfee.com\Agent\mcupdate.exe [2003-02-26 16:28]

    2010-08-06 c:\windows\Tasks\McAfee.com Update Check (GEORGE-Eric).job
    - c:\progra~1\McAfee.com\Agent\mcupdate.exe [2003-02-26 16:28]

    2010-08-06 c:\windows\Tasks\McAfee.com Update Check (GEORGE-Jeremy).job
    - c:\progra~1\McAfee.com\Agent\mcupdate.exe [2003-02-26 16:28]

    2010-08-06 c:\windows\Tasks\McAfee.com Update Check (GEORGE-Steph).job
    - c:\progra~1\McAfee.com\Agent\mcupdate.exe [2003-02-26 16:28]

    2010-07-20 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
    - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-02-21 17:46]

    2008-02-21 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
    - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-02-21 17:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Steph\Application Data\Mozilla\Firefox\Profiles\p2qr9d98.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    HKLM-Run-wcmdmgr - c:\windows\wt\updater\wcmdmgrl.exe
    MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
    AddRemove-ComcastHSI - c:\program files\Support.com\uninstall\chsi_uninstaller.exe
    AddRemove-ESPNMotion - c:\progra~1\ESPNMO~1\UNWISE.EXE
    AddRemove-Network Essentials - c:\program files\Network Essentials\v11\NE.EXE
    AddRemove-wcmdmgr.exe - c:\windows\wt\updater\wcmdmgr.exe
    AddRemove-wtDMMP - c:\windows\wt\updater\wcmdmgr.exe
    AddRemove-wtwebdriver - c:\windows\wt\updater\wcmdmgr.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-06 16:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????X:??????x???P???X???????????P???P???? ?w? ?w)??p????????(???{????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????
    sr1exe = "c:\documents and settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe" ??????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-08-06 17:04:51
    ComboFix-quarantined-files.txt 2010-08-07 00:04

    Pre-Run: 5,623,390,208 bytes free
    Post-Run: 6,553,677,824 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - 3F07A74A256C501A9697DD9A1850028F

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Combofix log looks fine

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  11. #11
    Join Date
    Jul 2008
    Posts
    30

    OTL Txt - part 1

    Unfortunately, I didn't copy everything into the Custom Scan box (missed first 2 lines and last line). Missed out on:

    netsvcs
    drivers32 /all
    Update\Auto Update\Results\Install|LastSuccessTime /rs

    I didn't notice until I was already scanning, so I let it complete. Let me know if you want me to do it again...or what.

    Here are the results:
    OTL logfile created on: 8/6/2010 5:39:39 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Steph\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    767.00 Mb Total Physical Memory | 372.00 Mb Available Physical Memory | 48.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): C:\pagefile.sys 958 2274 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 27.91 Gb Total Space | 6.12 Gb Free Space | 21.93% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: GEORGE
    Current User Name: Steph
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/06 17:38:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steph\Desktop\OTL.exe
    PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    PRC - [2008/03/29 11:37:13 | 000,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2008/03/29 11:37:02 | 000,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2008/03/29 11:36:22 | 000,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2008/03/29 11:30:47 | 000,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2008/03/29 11:11:18 | 000,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/08/01 15:35:36 | 000,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM95\aim.exe
    PRC - [2004/12/17 00:38:30 | 001,491,968 | ---- | M] (Cisco Linksys Corporation) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
    PRC - [2004/06/16 04:48:24 | 000,697,624 | ---- | M] (Zone Labs Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2004/06/16 04:47:36 | 000,914,712 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    PRC - [2004/04/19 09:06:56 | 000,102,400 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    PRC - [2003/05/30 00:47:06 | 000,069,632 | ---- | M] () -- C:\Program Files\PestPatrol\CookiePatrol.exe
    PRC - [2003/05/15 16:45:54 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
    PRC - [2003/04/19 08:53:08 | 000,148,480 | ---- | M] () -- C:\Program Files\PestPatrol\PPMemCheck.exe
    PRC - [2003/03/26 20:41:10 | 000,053,248 | ---- | M] () -- C:\Program Files\PestPatrol\PPControl.exe
    PRC - [2002/12/03 12:25:26 | 000,212,992 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
    PRC - [2002/04/10 15:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
    PRC - [2002/04/03 00:01:00 | 000,135,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    PRC - [2001/08/05 17:55:22 | 000,049,152 | ---- | M] () -- C:\WINDOWS\SYSTEM32\vnxserv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/06 17:38:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steph\Desktop\OTL.exe
    MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2004/08/03 23:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GS.exe -- (WUSB54GSSVC)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
    SRV - [2008/03/29 11:37:02 | 000,144,760 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2008/03/29 11:36:22 | 000,247,160 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2008/03/29 11:30:47 | 000,345,464 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2008/03/29 11:11:18 | 000,017,272 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2004/06/16 04:47:36 | 000,914,712 | ---- | M] (Zone Labs Inc.) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2002/10/10 03:18:36 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel(R)
    SRV - [2001/08/05 17:55:22 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\vnxserv.exe -- (VnxService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Steph\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2008/03/29 11:35:49 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2008/03/29 11:35:21 | 000,094,544 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2008/03/29 11:31:34 | 000,075,856 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2008/03/29 11:29:08 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2008/03/29 11:27:33 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2008/03/29 11:26:52 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2004/08/03 23:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
    DRV - [2004/08/03 23:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2004/08/03 23:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2004/08/03 23:04:32 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys -- (USB_RNDIS_XP)
    DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2004/06/16 04:47:24 | 000,266,328 | ---- | M] (Zone Labs Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (vsdatant)
    DRV - [2004/05/26 14:54:02 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
    DRV - [2003/10/06 15:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
    DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\GTNDIS5.sys -- (GTNDIS5)
    DRV - [2003/02/25 23:03:32 | 000,059,440 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2003/02/25 23:03:32 | 000,023,724 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2002/10/10 03:18:58 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
    DRV - [2002/08/30 15:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2002/07/19 09:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2002/04/10 16:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2002/04/10 16:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2002/04/10 16:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2002/04/10 15:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
    DRV - [2002/04/10 15:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
    DRV - [2001/10/11 12:04:26 | 000,148,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vnxtcp.sys -- (VnxTcp)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
    DRV - [1999/12/17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)
    DRV - [1999/03/23 21:10:01 | 000,052,800 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\HPFECP20.SYS -- (HPFECP20)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,"

    FF - HKLM\software\mozilla\Mozilla Firefox 1.0\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2009/08/13 20:59:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 1.0\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/12/30 12:51:13 | 000,000,000 | ---D | M]

    [2004/11/18 21:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\p2qr9d98.default\extensions
    [2004/11/18 21:42:21 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\p2qr9d98.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/12/30 12:51:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2004/11/18 21:41:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions
    [2004/11/18 21:41:01 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2004/11/07 13:57:00 | 000,041,571 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
    [2004/11/07 13:57:00 | 000,048,221 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
    [2004/11/07 13:57:00 | 000,158,821 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
    [2006/11/09 16:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
    [2004/11/07 13:57:00 | 000,000,680 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.png
    [2004/11/07 13:57:00 | 000,000,735 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.src
    [2004/11/07 13:57:00 | 000,000,356 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.png
    [2004/11/07 13:57:00 | 000,000,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.src
    [2004/11/07 13:57:00 | 000,000,557 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dictionary.png
    [2004/11/07 13:57:00 | 000,000,692 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dictionary.src
    [2004/11/07 13:57:00 | 000,000,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.gif
    [2004/11/07 13:57:00 | 000,001,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.src
    [2004/11/07 13:57:00 | 000,001,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.gif
    [2010/01/08 18:04:46 | 000,000,750 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.src
    [2004/11/07 13:57:00 | 000,000,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.gif
    [2004/11/07 13:57:00 | 000,001,098 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.src

  12. #12
    Join Date
    Jul 2008
    Posts
    30

    OTL - part 2

    O1 HOSTS File: ([2010/08/06 16:51:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [CookiePatrol] C:\Program Files\PestPatrol\CookiePatrol.exe ()
    O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe ()
    O4 - HKLM..\Run: [PPMemCheck] C:\Program Files\PestPatrol\PPMemCheck.exe ()
    O4 - HKLM..\Run: [sr1exe] C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe (Dell)
    O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
    O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs Inc.)
    O4 - HKCU..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/download...2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.dotphoto.com/DPImageUploader.cab (Aurigma Image Uploader 3.5 Control)
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} http://install.wildtangent.com/bgn/p...im/install.cab (WTHoster Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Steph\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steph\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.ctmp3 - C:\WINDOWS\SYSTEM32\ctmp3.acm (Creative Technology Ltd.)
    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\MSG711.ACM (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\MSG723.ACM (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\MSGSM32.ACM (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\IR41_32.AX (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\MSACM32.DRV (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (54619756233228288)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/06 17:38:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steph\Desktop\OTL.exe
    [2010/08/06 17:29:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/08/06 16:11:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/06 16:05:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/06 16:05:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/06 16:05:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/06 16:05:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/06 16:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/06 16:02:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/05 18:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steph\Application Data\Malwarebytes
    [2010/08/05 18:13:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/05 18:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/08/05 18:13:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/05 18:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/07 10:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steph\My Documents\Downloads
    [2010/06/18 13:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\Catan GmbH
    [2010/06/06 15:07:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
    [2003/02/25 22:47:02 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Steph\My Documents\*.tmp files -> C:\Documents and Settings\Steph\My Documents\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/06 17:38:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steph\Desktop\OTL.exe
    [2010/08/06 17:34:44 | 000,000,891 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/08/06 17:32:34 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/08/06 17:32:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0cb34deaa536.job
    [2010/08/06 17:32:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/06 17:31:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2010/08/06 17:31:40 | 804,331,520 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/06 17:30:50 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Steph\NTUSER.DAT
    [2010/08/06 17:30:23 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Steph\NTUSER.INI
    [2010/08/06 16:51:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/06 16:51:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2010/08/06 16:11:17 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
    [2010/08/06 16:01:04 | 003,816,456 | R--- | M] () -- C:\Documents and Settings\Steph\Desktop\ComboFix.exe
    [2010/08/05 21:47:39 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2010/08/05 18:13:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/31 17:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/07/27 18:16:08 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/07/19 22:15:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
    [2010/07/07 10:45:25 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Word.lnk
    [2010/06/23 09:13:16 | 000,488,566 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/23 09:13:16 | 000,432,796 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2010/06/23 09:13:16 | 000,067,370 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2010/06/15 05:38:37 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/14 08:11:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/06 14:54:16 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Steph\Local Settings\Application Data\housecall.guid.cache
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Steph\My Documents\*.tmp files -> C:\Documents and Settings\Steph\My Documents\*.tmp -> ]

  13. #13
    Join Date
    Jul 2008
    Posts
    30

    OTL - part 3

    ========== Files Created - No Company Name ==========

    [2010/08/06 16:11:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/06 16:11:12 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/06 16:05:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/06 16:05:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/06 16:05:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/06 16:05:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/06 16:05:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/06 16:00:57 | 003,816,456 | R--- | C] () -- C:\Documents and Settings\Steph\Desktop\ComboFix.exe
    [2010/08/05 18:13:19 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/15 10:50:55 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0cb34deaa536.job
    [2010/06/06 14:54:16 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Steph\Local Settings\Application Data\housecall.guid.cache
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2007/04/14 16:23:35 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2007/04/14 16:23:31 | 000,000,130 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2007/04/14 15:34:10 | 000,000,219 | ---- | C] () -- C:\WINDOWS\HPFTBX20.INI
    [2007/04/14 15:34:10 | 000,000,193 | ---- | C] () -- C:\WINDOWS\hpc.ini
    [2007/04/14 12:10:42 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
    [2007/04/14 12:10:42 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2006/05/29 16:41:22 | 000,000,134 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/06/03 21:59:56 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2005/06/03 21:59:40 | 000,001,785 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
    [2004/11/09 17:47:36 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2004/03/18 20:31:27 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PdSACKey.sys
    [2004/01/28 17:36:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2004/01/19 20:51:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
    [2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
    [2003/07/27 13:53:54 | 000,000,149 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
    [2003/06/08 18:42:52 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/06/08 15:59:35 | 000,148,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\vnxtcp.sys
    [2003/05/24 09:56:19 | 000,053,889 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2003/03/31 21:01:26 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2003/03/26 22:00:53 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson640.ini
    [2003/03/26 21:39:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini
    [2003/03/26 21:39:11 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
    [2003/03/26 17:11:19 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2003/03/26 17:11:19 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2003/03/26 17:11:19 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2003/03/26 16:56:28 | 000,000,427 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2003/02/25 23:05:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/02/25 22:49:18 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2003/02/25 22:49:17 | 000,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2003/02/25 22:47:49 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2003/02/25 22:47:02 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
    [2003/02/25 22:47:02 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
    [2003/02/25 22:47:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2003/02/25 22:47:00 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
    [2003/02/25 22:47:00 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
    [2003/02/25 22:47:00 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
    [2003/02/25 22:46:01 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2003/02/25 22:42:31 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/02/25 22:20:40 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2002/02/06 08:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
    [2002/01/21 13:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
    [2001/09/19 13:41:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
    [2000/10/23 18:12:34 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\std-2.1-vc5.0-mt.dll
    [1999/03/23 21:10:07 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\HPFpcl20.dll
    [1999/03/23 21:10:07 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl20.dll
    [1999/03/23 21:10:06 | 000,209,408 | ---- | C] () -- C:\WINDOWS\System32\HPFwin20.dll
    [1999/03/23 21:10:06 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\HPFnet20.dll
    [1999/03/23 21:10:05 | 001,145,344 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl20.dll
    [1999/03/23 21:10:05 | 000,401,920 | ---- | C] () -- C:\WINDOWS\System32\HPFui20.dll
    [1999/03/23 21:10:05 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst20.dll
    [1999/03/23 21:10:04 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl20.dll
    [1999/03/23 21:10:04 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa20.dll
    [1999/03/23 21:10:04 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu20.dll
    [1999/03/23 21:10:03 | 000,292,352 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl20.dll
    [1999/03/23 21:10:03 | 000,137,232 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc20.dll
    [1999/03/23 21:10:03 | 000,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml20.dll
    [1999/03/23 21:10:03 | 000,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem20.dll
    [1999/03/23 21:10:03 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\HPFmon20.dll
    [1999/03/23 21:10:02 | 001,777,664 | ---- | C] () -- C:\WINDOWS\System32\HPFimg20.dll
    [1999/03/23 21:10:02 | 000,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop20.dll
    [1999/03/23 21:10:01 | 000,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp20.sys
    [1999/03/23 21:10:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl20.dll
    [1999/03/23 21:10:00 | 000,194,048 | ---- | C] () -- C:\WINDOWS\System32\HPFcps20.dll
    [1999/03/23 21:10:00 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt20.dll
    [1999/03/23 21:10:00 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r20.dll
    [1999/03/23 21:10:00 | 000,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom20.dll
    [1999/03/23 21:07:53 | 000,004,715 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk20.ini
    [1999/03/23 21:07:22 | 000,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm20.dll

    ========== LOP Check ==========

    [2008/08/29 08:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
    [2006/12/31 18:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2007/04/14 16:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2008/08/28 20:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2004/07/23 16:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/08/13 21:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2008/08/28 20:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D994735B-8DC6-4AEE-B720-704A4EC0402E}
    [2008/08/28 20:42:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F7498CBA-F30B-4739-8CF3-167AF0872B2E}
    [2005/09/28 23:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Aim
    [2003/07/27 13:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\ChessBase
    [2010/04/21 18:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Image Zone Express
    [2003/04/13 16:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\InterTrust
    [2006/02/20 20:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Leadertech
    [2005/08/31 16:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Musicmatch
    [2007/04/14 16:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\pdf995
    [2010/04/21 18:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Printer Info Cache
    [2008/02/20 23:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Uniblue
    [2007/01/17 23:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Viewpoint
    [2010/03/09 22:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\VirtualStore
    [2003/03/25 22:19:09 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
    [2010/07/19 22:15:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
    [2008/02/20 23:15:25 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/04/14 00:33:26 | 000,024,576 | ---- | M] () -- C:\ap1.doc
    [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2007/01/04 19:01:16 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/06 16:11:17 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
    [2002/09/03 07:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/06 17:04:52 | 000,019,676 | ---- | M] () -- C:\ComboFix.txt
    [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2004/03/27 15:04:29 | 000,000,237 | ---- | M] () -- C:\debugInstaller.txt
    [2003/02/25 22:24:10 | 000,004,308 | RH-- | M] () -- C:\DELL.SDR
    [2010/08/06 17:31:40 | 804,331,520 | -HS- | M] () -- C:\hiberfil.sys
    [2002/09/03 07:59:58 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2003/02/25 22:52:15 | 000,000,336 | -H-- | M] () -- C:\IPH.PH
    [2002/09/03 07:59:58 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2007/07/27 08:59:55 | 000,001,000 | ---- | M] () -- C:\net_save.dna
    [2004/08/25 22:19:52 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/25 22:19:52 | 000,250,032 | RHS- | M] () -- C:\NTLDR
    [2010/08/06 17:31:39 | 1004,535,808 | -HS- | M] () -- C:\pagefile.sys
    [2010/01/15 09:11:53 | 000,000,923 | ---- | M] () -- C:\updatedatfix.log
    [2004/04/22 18:38:08 | 000,000,001 | ---- | M] () -- C:\version

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
    [2006/12/29 09:57:18 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\hpzpp4v2.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [1 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2010/05/04 10:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
    [2010/05/04 10:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
    [2010/05/04 10:20:36 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\iepeers.dll
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2002/09/03 07:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
    [2002/09/03 07:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
    [2002/09/03 07:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

    < %systemroot%\system32\user32.dll /md5 >
    [2007/03/08 08:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\SYSTEM32\user32.dll
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2004/08/04 00:56:46 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\SYSTEM32\ws2_32.dll
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2004/08/04 00:56:46 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\SYSTEM32\ws2help.dll
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-16 05:51:18

    < >
    < End of report >

  14. #14
    Join Date
    Jul 2008
    Posts
    30

    Extras.txt (part 1)

    OTL Extras logfile created on: 8/6/2010 5:39:39 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Steph\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    767.00 Mb Total Physical Memory | 372.00 Mb Available Physical Memory | 48.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): C:\pagefile.sys 958 2274 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 27.91 Gb Total Space | 6.12 Gb Free Space | 21.93% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: GEORGE
    Current User Name: Steph
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\slsk.exe" = C:\Program Files\slsk.exe:*:Enabled:SoulSeek -- ()
    "C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
    "{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
    "{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
    "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
    "{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
    "{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{726C99D0-50C5-404F-9EFD-7B2834DFED50}" = Kazaa Media Desktop 2.1
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100
    "{81463B08-A929-4125-A5F4-1B053AC35A09}" = Microsoft IntelliType Pro 5.0
    "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
    "{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
    "{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
    "{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
    "{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
    "{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
    "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
    "{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
    "{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
    "{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
    "{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AOL Instant Messenger" = AOL Instant Messenger
    "Ares" = Ares 1.9.0
    "avast!" = avast! Antivirus
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell File Manager" = Dell File Manager
    "FeedReader_is1" = FeedReader
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "GoogleVideoPlayer" = Google Video Player
    "HP DeskJet 610C Series" = HP DeskJet 610C Series (Remove only)
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
    "InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
    "InstallShield_{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
    "InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
    "InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
    "InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mcafee.com SecurityCenter" = McAfee.com SecurityCenter
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
    "Mozilla Firefox (1.0)" = Mozilla Firefox (1.0)
    "Network Play System (Patching)" = Network Play System (Patching)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nolo's Will Forms" = Nolo's Will Forms
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
    "Pdf995" = Pdf995
    "PhotoRecord" = Canon PhotoRecord
    "PROSet" = Intel(R) PRO Ethernet Adapter and Software
    "Shockwave" = Shockwave
    "Soulseek Client 152" = Soulseek Client 152
    "SpeedUpMyPC_is1" = Uniblue SpeedUpMyPC 3
    "TaxCut Premium 2006" = TaxCut Premium 2006
    "Titanic" = Titanic
    "TurboTax 2009" = TurboTax 2009
    "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
    "Uniblue DriverScanner" = Uniblue DriverScanner
    "Viewpoint Manager" = Viewpoint Manager (Remove Only)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VSClient" = VSClient
    "WIC" = Windows Imaging Component
    "Winamp3" = Winamp3 (remove only)
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 2
    "WinFF_is1" = WinFF 1.1
    "YInstHelper" = Yahoo! Install Manager
    "ZoneAlarm" = ZoneAlarm

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198

  15. #15
    Join Date
    Jul 2008
    Posts
    30

    Extras.txt (part 2)

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 9/14/2005 1:22:09 AM | Computer Name = GEORGE | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\HV7B99SE\tmob-728x90-0025[1].swf
    failed, 0000A474.

    Error - 9/14/2005 1:22:22 AM | Computer Name = GEORGE | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\E783XE3Y\getSidebarLogin[1].htm
    failed, 0000A474.

    Error - 12/7/2005 10:07:29 PM | Computer Name = GEORGE | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\All Users\Desktop\Music\Snoop Doggy Dogg - Gin and Juice,
    Part II.mp3 failed, 0000A477.

    Error - 2/2/2006 9:56:22 PM | Computer Name = GEORGE | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\All Users\Desktop\Music\Snoop Doggy Dogg - Gin and Juice,
    Part II.mp3 failed, 0000A477.

    Error - 2/17/2006 1:09:15 AM | Computer Name = GEORGE | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\All Users\Desktop\Music\Snoop Doggy Dogg - Gin and Juice,
    Part II.mp3 failed, 0000A477.

    Error - 2/18/2006 6:03:42 PM | Computer Name = GEORGE | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\All Users\Desktop\Music\Snoop Doggy Dogg - Gin and Juice,
    Part II.mp3 failed, 0000A477.

    Error - 2/20/2006 9:48:19 PM | Computer Name = GEORGE | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\All Users\Desktop\Music\Snoop Doggy Dogg - Gin and Juice,
    Part II.mp3 failed, 0000A477.

    Error - 3/31/2006 9:09:22 PM | Computer Name = GEORGE | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    E:\Music\Snoop Doggy Dogg - Gin and Juice, Part II.mp3 failed, 0000A477.

    Error - 4/9/2006 9:49:11 PM | Computer Name = GEORGE | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\HV7B99SE\AP_45-49[1].doc
    failed, 0000A477.

    Error - 4/9/2006 9:49:21 PM | Computer Name = GEORGE | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\HV7B99SE\AP_45-49[1].doc
    failed, 0000A477.

    [ Application Events ]
    Error - 7/22/2010 6:26:38 PM | Computer Name = GEORGE | Source = Application Hang | ID = 1002
    Description = Hanging application helpctr.exe, version 5.1.2600.2180, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/27/2010 9:17:13 PM | Computer Name = GEORGE | Source = Application Error | ID = 1000
    Description = Faulting application hpwucli.exe, version 5.0.8.1, faulting module
    hpwucli.exe, version 5.0.8.1, fault address 0x000045ea.

    Error - 7/31/2010 4:15:18 PM | Computer Name = GEORGE | Source = Google Update | ID = 20
    Description =

    Error - 7/31/2010 5:15:17 PM | Computer Name = GEORGE | Source = Google Update | ID = 20
    Description =

    Error - 7/31/2010 6:15:17 PM | Computer Name = GEORGE | Source = Google Update | ID = 20
    Description =

    Error - 7/31/2010 7:15:19 PM | Computer Name = GEORGE | Source = Google Update | ID = 20
    Description =

    Error - 7/31/2010 8:15:18 PM | Computer Name = GEORGE | Source = Google Update | ID = 20
    Description =

    Error - 7/31/2010 9:15:17 PM | Computer Name = GEORGE | Source = Google Update | ID = 20
    Description =

    Error - 7/31/2010 10:15:17 PM | Computer Name = GEORGE | Source = Google Update | ID = 20
    Description =

    Error - 7/31/2010 11:15:19 PM | Computer Name = GEORGE | Source = Google Update | ID = 20
    Description =

    [ System Events ]
    Error - 8/5/2010 10:07:18 PM | Computer Name = GEORGE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1055" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 8/5/2010 10:07:18 PM | Computer Name = GEORGE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1055" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 8/5/2010 10:07:18 PM | Computer Name = GEORGE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1055" attempting to start the service winmgmt with
    arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Error - 8/5/2010 10:07:18 PM | Computer Name = GEORGE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1055" attempting to start the service BITS with arguments
    "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 8/5/2010 10:15:00 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the WZCSVC service.

    Error - 8/5/2010 10:16:54 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7022
    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 8/5/2010 10:22:13 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7022
    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 8/6/2010 12:47:23 AM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7022
    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 8/6/2010 7:13:52 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7034
    Description = The Vsclient Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 8/6/2010 8:34:27 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7022
    Description = The HP CUE DeviceDiscovery Service service hung on starting.


    < End of report >
