
Solved: Redirected searches



mada360
Junior Member with 21 posts.
THREAD STARTER
 
Join Date: May 2010
Experience: Intermediate
21-May-2010, 01:39 PM #1
Redirected searches
Recently my Dad installed a malware "security" program. I successfully removed it using rkill and Malwarebytes inside of safe mode on XP; however, I still am getting redirected, so I ran HijackThis and found a couple of suspicious entries, but I'm not sure if they're the problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:05:PM, on 21/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Security\avg\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\PROGRA~1\Security\avg\avgrsx.exe
C:\PROGRA~1\Security\avg\avgnsx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\PROGRA~1\Security\avg\avgemc.exe
C:\Program Files\Security\avg\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\PROGRA~1\Security\avg\avgtray.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Documents and Settings\Julie\Application Data\Dropbox\bin\Dropbox.exe
C:\Documents and Settings\Julie\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\Security\avg\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Security\avg\avgssie.dll
O2 - BHO: (no name) - {49C5A41D-225D-4792-B656-9873522697D3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {80bf2261-0374-43d1-a5a8-204f1ec384c6} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\Security\avg\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: (no name) - {D6F5B312-EF0D-464D-A043-E6E08A35952C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\Security\avg\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\Security\avg\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Hobbyist Software On-Off Helper] C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper.exe /silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Julie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729)" -"http://www.nationalexpress.com/coach/index.cfm?utm_source=Google&utm_medium=ppc"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [nohanevivu] Rundll32.exe "C:\WINDOWS\system32\tumazuba.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Julie\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: OfficeSAS.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZUfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215716495796
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/st...r_4.0.17.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\Security\avg\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: rqRIbYro - C:\WINDOWS\
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\Security\avg\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\Security\avg\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Off-Helper - Unknown owner - C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe

--
End of file - 12679 bytes

(The above two in bold are what I suspect is the problem because of the names, but just in case)
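
As an added illustration (not part of the original thread, and not HijackThis's own logic), here is a small Python triage pass over a few lines copied from the log above. The three flag rules and their names are assumptions chosen for this example; a flag marks a line for review and is not a verdict.

```python
import re
from dataclasses import dataclass, field

# Lines copied verbatim from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Security\avg\avgssie.dll
O2 - BHO: (no name) - {49C5A41D-225D-4792-B656-9873522697D3} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\Security\avg\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [nohanevivu] Rundll32.exe "C:\WINDOWS\system32\tumazuba.dll",s (User 'LOCAL SERVICE')
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: rqRIbYro - C:\WINDOWS\
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: HIVE\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# O20 entries: Winlogon Notify: <subkey name> - <DLL path>
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) -\s*(?P<path>.*)$")
RUNDLL_RE = re.compile(r'^"?rundll32(\.exe)?"?\s', re.IGNORECASE)


@dataclass
class Finding:
    code: str
    body: str
    flags: list = field(default_factory=list)


def triage_line(line):
    """Return a Finding for one log line, or None if it is not an entry line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    finding = Finding(m["code"], m["body"])

    # Rule 1 (assumption): the registration points at a file the tool
    # could not find, so it is either a leftover or a hidden target.
    if finding.body.endswith(("(no file)", "(file missing)")):
        finding.flags.append("missing-file")

    # Rule 2 (assumption): an autorun value that starts a DLL through
    # rundll32 deserves a look at the DLL it names.
    if finding.code == "O4":
        run = RUN_RE.match(finding.body)
        if run and RUNDLL_RE.match(run["cmd"]):
            finding.flags.append("rundll32-autorun")

    # Rule 3 (assumption): a Winlogon Notify entry is expected to name a
    # DLL; a path that does not end in .dll is incomplete or malformed.
    if finding.code == "O20":
        notify = NOTIFY_RE.match(finding.body)
        if notify and not notify["path"].lower().endswith(".dll"):
            finding.flags.append("notify-without-dll-path")

    return finding


def triage_log(text):
    """Return only the entries that tripped at least one rule."""
    findings = (triage_line(line) for line in text.splitlines())
    return [f for f in findings if f is not None and f.flags]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{','.join(f.flags):26} {f.code} - {f.body}")
```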
SweetTech
Senior Member with 1,016 posts.
 
Join Date: Dec 1969
Location: Antarctica
22-May-2010, 10:10 AM #2
My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems. I'd be grateful if you would note the following:
  • Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together.
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.



NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



Please make sure you include the following items in your next post:
1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
3. The log that was produced after running GMER
4. An update on how your computer is currently running.
It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
mada360
Junior Member with 21 posts.
THREAD STARTER
 
Join Date: May 2010
Experience: Intermediate
24-May-2010, 10:50 AM #3
OTL.txt
OTL logfile created on: 23/05/2010 10:28:25 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.00 Mb Total Physical Memory | 47.00 Mb Available Physical Memory | 11.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 37.06 Gb Free Space | 37.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 9.52 Gb Total Space | 2.72 Gb Free Space | 28.62% Space Free | Partition Type: EXT3
Drive O: | 41.39 Gb Total Space | 7.36 Gb Free Space | 17.78% Space Free | Partition Type: NTFS

Computer Name: WORLEY
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper.exe ()
PRC - C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe ()
PRC - C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Security\avg\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)
PRC - C:\Program Files\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files\Security\avg\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Security\avg\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Security\avg\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Security\avg\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Security\avg\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
PRC - C:\WINDOWS\system32\ufdsvc.exe (Generic)
PRC - C:\WINDOWS\system32\PAStiSvc.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- File not found
SRV - (Off-Helper) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe ()
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (TVersityMediaServer) -- C:\Program Files\TVersity\Media Server\MediaServer.exe ()
SRV - (avg8emc) -- C:\Program Files\Security\avg\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\Security\avg\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)
SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (UFDSVC) -- C:\WINDOWS\system32\ufdsvc.exe (Generic)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)
SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportBuka) -- C:\WINDOWS\system32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (Ext2Fsd) -- C:\WINDOWS\system32\drivers\ext2fsd.sys (www.ext2fsd.com)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
DRV - (X4HSX32Ex) -- C:\Program Files\Metaboli Player\X4HSX32Ex.sys (Exent Technologies Ltd.)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (kqemu) -- C:\WINDOWS\system32\drivers\kqemu.sys ()
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (StreamSurge) StreamSurge Driver (miniport) -- C:\WINDOWS\system32\drivers\ss.sys (WikiTek Inc.)
DRV - (P730U) -- C:\WINDOWS\system32\drivers\P730U.sys (Mobile Action Technology Inc.)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\TosRfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\TosRfbd.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\Tosporte.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (P730M) -- C:\WINDOWS\system32\drivers\P730M.sys (Mobile Action Technology Inc.)
DRV - (P730C) -- C:\WINDOWS\system32\drivers\P730C.sys (Mobile Action Technology Inc.)
DRV - (MaRdPnp) -- C:\WINDOWS\system32\drivers\MaRdP2K.sys (Mobile Action Technology Inc.)
DRV - (MaVctrl) -- C:\WINDOWS\system32\drivers\MaVc2K.sys (Mobile Action Technology Inc.)
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (Cap713x) -- C:\WINDOWS\system32\drivers\Cap713x.sys (PSH)
DRV - (GTNDIS5) -- C:\Program Files\Belkin\F5D9050\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ca533av) -- C:\WINDOWS\system32\drivers\Ca533av.sys (Digital Camera)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (USBCamera) -- C:\WINDOWS\system32\drivers\Bulk533.sys (USB BULK)
DRV - (vcdrom) -- C:\WINDOWS\system32\drivers\VCdRom.sys (Microsoft Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 55 D7 E6 F3 71 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\Security\avg\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\Security\avg\Firefox [2009/12/22 11:51:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\Security\avg\Toolbar\Firefox\avg@igeared [2010/01/15 13:27:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: E:\PortableApps\FirefoxPortable\App\firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: E:\PortableApps\FirefoxPortable\App\firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/15 22:44:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/11 16:32:54 | 000,000,000 | ---D | M]

[2009/02/08 17:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2009/02/08 17:50:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2010/05/20 18:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\t3hlecss.default\extensions
[2009/08/09 19:48:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\t3hlecss.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/17 21:09:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\t3hlecss.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/17 21:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\t3hlecss.default\extensions\personas@christopher.beard
[2010/05/20 22:30:10 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\t3hlecss.default\searchplugins\bing.xml
[2010/05/19 21:00:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
[2006/09/21 18:29:00 | 000,135,227 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npExentCtl.dll
[2007/12/19 13:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/07/26 15:45:32 | 000,318,347 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bebo.com
O1 - Hosts: 127.0.0.1 www.bebo.com
O1 - Hosts: 127.0.0.1 bebo.co.uk
O1 - Hosts: 127.0.0.1 www.bebo.co.uk
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 10921 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Security\avg\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {49C5A41D-225D-4792-B656-9873522697D3} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Security\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {80bf2261-0374-43d1-a5a8-204f1ec384c6} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\Security\avg\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {D6F5B312-EF0D-464D-A043-E6E08A35952C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\Security\avg\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\Security\avg\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\Security\avg\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [Hobbyist Software On-Off Helper] C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk = C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Security\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1215716495796 (MUWebControl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/st...r_4.0.17.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...nt/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\Security\avg\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\rqRIbYro: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/10 14:12:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d9aa1014-d27a-11dd-b0e2-005056c00008}\Shell\AutoRun\command - "" = StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/07/10 14:12:00 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746478449557504)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 09:59:39 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/05/21 20:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Research
[2010/05/21 19:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/05/21 19:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Photosynth
[2010/05/20 21:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/18 08:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/18 08:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/16 17:01:34 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/05/16 11:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/16 11:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/14 17:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2010/05/14 17:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2010/05/09 21:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hobbyist Software
[2010/05/08 11:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2010/05/08 11:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Driving Test Success - All Tests (2009-2010)
[2010/05/02 20:57:49 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll
[2010/05/02 20:57:49 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
[2010/05/02 20:57:49 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
[2010/05/02 20:57:49 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll
[2010/05/02 20:57:49 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll
[2010/05/02 20:57:49 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll
[2010/05/02 20:57:49 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll
[2010/05/02 20:57:49 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll
[2010/05/02 20:57:49 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
[2010/05/02 20:57:49 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2010/05/02 20:57:49 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX
[2010/05/02 20:57:49 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2010/05/02 20:57:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
[2010/05/02 20:57:48 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL
[2010/05/02 20:57:47 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2010/05/02 20:57:47 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll
[2010/05/02 20:57:46 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2010/05/02 20:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Free Audio Pack
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/23 10:45:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{87B8FE37-D887-4987-8C12-7790F9683185}.job
[2010/05/23 10:44:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1004UA.job
[2010/05/23 10:44:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CB794B10-EA7E-41C0-8BC5-B58A21901C34}.job
[2010/05/23 10:43:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8892A9E9-8D6A-4753-B8AD-26B5D41F345D}.job
[2010/05/23 10:33:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/23 10:28:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/23 10:20:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/23 10:16:41 | 000,011,329 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2010/05/23 10:14:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 10:14:33 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\lrzpvrig.job
[2010/05/23 10:14:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 10:14:21 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/23 09:58:21 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/05/23 09:58:06 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\John\Desktop\qvimenmm.exe
[2010/05/22 21:29:21 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\John\ntuser.dat
[2010/05/22 21:29:21 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\John\ntuser.ini
[2010/05/22 21:11:00 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1012UA.job
[2010/05/22 21:05:01 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1008UA.job
[2010/05/22 09:45:06 | 060,246,260 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/21 21:44:15 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1004Core.job
[2010/05/20 21:33:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\John\Desktop\HijackThis.lnk
[2010/05/19 23:05:00 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1008Core.job
[2010/05/18 13:11:00 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1012Core.job
[2010/05/11 21:02:06 | 000,000,600 | ---- | M] () -- C:\WINDOWS\PUTTY.RND
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/23 09:59:39 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\John\Desktop\qvimenmm.exe
[2010/05/21 21:57:30 | 000,200,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/21 17:32:43 | 469,291,008 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/21 16:57:29 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\John\avgrep.txt
[2010/05/20 21:32:59 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\John\Desktop\HijackThis.lnk
[2010/05/11 21:02:03 | 000,000,600 | ---- | C] () -- C:\WINDOWS\PUTTY.RND
[2010/05/02 20:57:50 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2010/05/02 20:57:45 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/04/27 22:16:35 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/09 17:38:02 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/03/02 21:04:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/01/23 21:17:21 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/23 21:17:21 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/30 13:09:26 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2008/12/03 20:01:00 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\uuwctbkx.ini
[2008/11/09 13:09:00 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 17:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/28 20:44:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2008/10/28 20:07:39 | 000,000,086 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2008/10/28 20:05:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MessageExe.INI
[2008/10/18 18:55:33 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2008/09/04 20:03:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/09/03 11:00:20 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2008/09/03 11:00:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2008/09/03 11:00:18 | 000,706,048 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.1.dll
[2008/08/18 14:41:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2008/08/18 14:41:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
[2008/08/18 14:37:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2008/08/14 12:20:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/08/14 11:58:19 | 000,007,852 | ---- | C] () -- C:\WINDOWS\System32\mcdmsg7.dll
[2008/08/07 10:07:03 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2008/08/07 10:06:44 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2008/08/02 18:03:04 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/07/15 18:17:58 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008/07/14 19:51:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\F5D9050.dll
[2008/07/14 19:51:35 | 000,000,525 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2008/07/14 17:57:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/07/10 17:24:30 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/07/10 17:24:27 | 000,000,412 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/07/10 15:58:05 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/07/10 15:58:04 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/07/10 15:44:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/08 17:03:43 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/02/06 22:02:00 | 000,123,939 | ---- | C] () -- C:\WINDOWS\System32\drivers\kqemu.sys
[2006/11/09 22:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/03 11:38:27 | 000,001,888 | ---- | C] () -- C:\WINDOWS\CA533A.INI
[2006/08/03 11:38:19 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2006/08/02 18:07:00 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2005/01/25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004/12/02 15:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/22 10:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/29 15:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll

========== LOP Check ==========

[2009/06/23 19:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/08/18 14:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blender Foundation
[2008/12/24 12:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2008/10/13 19:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2010/05/10 20:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2010/05/23 10:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hobbyist Software
[2008/09/19 19:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2009/09/15 17:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010/05/20 18:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2008/07/12 10:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/12/05 17:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/07/19 20:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metaboli Player
[2008/10/19 13:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/12/25 13:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/12/11 18:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/05/14 17:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2009/10/20 19:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/08 21:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\.purple
[2009/06/02 10:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\AVGTOOLBAR
[2008/09/18 08:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\BitMeter2
[2009/10/19 16:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\gtk-2.0
[2009/07/19 19:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\IObit
[2008/08/26 17:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Launchy
[2009/02/08 17:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Participatory Culture Foundation
[2009/01/18 12:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Research In Motion
[2009/03/19 18:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Samsung
[2009/01/11 15:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Skinux
[2009/08/19 15:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Spotify
[2009/12/14 10:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Trusteer
[2009/03/19 18:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\uTorrent
[2006/08/03 21:53:27 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\dfrg.job
[2010/05/23 10:14:33 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\lrzpvrig.job
[2010/05/23 10:45:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{87B8FE37-D887-4987-8C12-7790F9683185}.job
[2010/05/23 10:43:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8892A9E9-8D6A-4753-B8AD-26B5D41F345D}.job
[2010/05/23 10:44:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CB794B10-EA7E-41C0-8BC5-B58A21901C34}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/10/05 10:26:47 | 000,001,024 | ---- | M] () -- C:\.rnd
[2008/07/10 14:12:43 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/12 19:26:48 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2008/07/12 15:04:52 | 000,000,000 | RHS- | M] () -- C:\config.sys
[2010/03/29 10:01:35 | 000,000,090 | ---- | M] () -- C:\error.log
[2010/05/23 10:14:21 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/28 19:47:42 | 001,782,338 | ---- | M] () -- C:\HMV9Inst.log
[2008/07/10 14:12:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/03/04 06:09:06 | 000,182,400 | ---- | M] () -- C:\LEVIBRUSH.TTF
[2008/07/10 14:12:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/10 14:46:50 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/23 10:14:20 | 2147,483,648 | -HS- | M] () -- C:\pagefile.sys
[2008/07/19 20:24:09 | 001,195,083 | ---- | M] () -- C:\pastedpic_07192008_202407.png
[2010/05/21 16:25:29 | 000,000,382 | ---- | M] () -- C:\rkill.log
[2008/07/13 09:11:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/07/13 09:29:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/07/13 09:11:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/07/13 09:29:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/10/15 18:29:55 | 000,007,168 | -HS- | M] () -- C:\Thumbs.db
[2006/12/20 11:35:59 | 000,000,457 | ---- | M] () -- C:\VundoFix.txt
[2005/07/11 10:10:54 | 000,064,884 | ---- | M] () -- C:\X360.ttf

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/07/10 14:55:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/07/10 14:55:46 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/07/10 14:55:46 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 14:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/26 17:41:14 | 000,390,528 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\system32\drivers\RapportBuka.sys
[2009/12/31 17:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >
mada360
Junior Member with 21 posts.
THREAD STARTER
24-May-2010, 10:51 AM #4
Extras.txt
OTL Extras logfile created on: 23/05/2010 10:28:25 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.00 Mb Total Physical Memory | 47.00 Mb Available Physical Memory | 11.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 37.06 Gb Free Space | 37.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 9.52 Gb Total Space | 2.72 Gb Free Space | 28.62% Space Free | Partition Type: EXT3
Drive O: | 41.39 Gb Total Space | 7.36 Gb Free Space | 17.78% Space Free | Partition Type: NTFS

Computer Name: WORLEY
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe" = C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe:*:Enabled:Off-Helper -- ()
"C:\Program Files\Hobbyist Software\Off-Helper\mdnsresponder.exe" = C:\Program Files\Hobbyist Software\Off-Helper\mdnsresponder.exe:*:Enabled:Off-Helper Bonjour Service -- (Apple Inc.)
"C:\Program Files\Hobbyist Software\Off-Helper\dnssd-hobbyist.dll" = C:\Program Files\Hobbyist Software\Off-Helper\dnssd-hobbyist.dll:*:Enabled:Off-Helper Bonjour Service DLL -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlightGear\bin\win32\fgfs.exe" = C:\Program Files\FlightGear\bin\win32\fgfs.exe:*:Enabled:fgfs -- File not found
"C:\Program Files\Security\avg\avgemc.exe" = C:\Program Files\Security\avg\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Security\avg\avgupd.exe" = C:\Program Files\Security\avg\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE -- File not found
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"X:\Program Files\Ghost Recon\GhostRecon.exe" = X:\Program Files\Ghost Recon\GhostRecon.exe:*:Enabled:GhostRecon.exe -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone) -- File not found
"C:\Westwood\SUN\PATCHGET.DAT" = C:\Westwood\SUN\PATCHGET.DAT:*:Enabled:Patchgrabber -- File not found
"C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe" = C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe:*:Enabled:Adobe After Effects CS3 -- (Adobe Systems Incorporated )
"C:\Program Files\XBMC\XBMC.exe" = C:\Program Files\XBMC\XBMC.exe:*:Enabled:XBMC -- File not found
"C:\Documents and Settings\Adam.WORLEY-46B190B0\My Documents\game\Nexuiz\nexuiz.exe" = C:\Documents and Settings\Adam.WORLEY-46B190B0\My Documents\game\Nexuiz\nexuiz.exe:*:Enabled:Nexuiz -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" = C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe:*:Enabled:FNPLicensingService -- (Macrovision Europe Ltd.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Verdiem\Edison\Edison.exe" = C:\Program Files\Verdiem\Edison\Edison.exe:*:Enabled:Edison -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
"C:\Program Files\GridNetworks\Gridcast\GridcastSvc.exe" = C:\Program Files\GridNetworks\Gridcast\GridcastSvc.exe:*:Enabled:GridCast -- File not found
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Documents and Settings\Julie\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Julie\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper.exe" = C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper.exe:*:Enabled:Off-Helper -- ()
"C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe" = C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe:*:Enabled:Firefox -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe" = C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe:*:Enabled:Off-Helper -- ()
"C:\Program Files\Hobbyist Software\Off-Helper\mdnsresponder.exe" = C:\Program Files\Hobbyist Software\Off-Helper\mdnsresponder.exe:*:Enabled:Off-Helper Bonjour Service -- (Apple Inc.)
"C:\Program Files\Hobbyist Software\Off-Helper\dnssd-hobbyist.dll" = C:\Program Files\Hobbyist Software\Off-Helper\dnssd-hobbyist.dll:*:Enabled:Off-Helper Bonjour Service DLL -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}" = LG PC Suite
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{273EAF0F-8EBB-917A-F3C2-80EF5FB0B7F7}" = SpotifyAlarm
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36DCA203-08E8-467D-92FB-C1F51EEEE9C5}" = ArcSoft VideoImpression 2
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4CBAD7DB-C645-4C75-AF36-41BAC646266A}" = MGA
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52780C33-4BAE-498F-AAB6-E84D9C54E4B7}" = Heinemann Solutionbank Core C1
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{9922FE96-6803-498D-A6AD-4EB5A3B956A5}" = Belkin Wireless G Plus MIMO USB Network Adapter
"{9C5B68E5-4ED8-4F5C-B557-813F0E4EDD85}" = Programming API (experimental)
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DB4CEAD-407B-4E3D-96C5-CC5FFA994289}" = LG PC Suite
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.86
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3DAC196-8487-4E2E-94F3-9CBE361EB712}" = Microsoft Image Composite Editor
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Technika
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}" = Photosynth 2.0110.0317.1042
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EFA4532F-F1B2-42AE-AE76-013D8A69AEE0}_is1" = MKN TaskExplorer 5
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F1C9C7F7-0D56-40B2-A276-152762D39BCA}" = Adobe Setup
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F597BD44-CA62-438D-9923-6E19CC99BD45}" = Samsung E720 USB-Handset Manager
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5d83aea83f5009a0d267d337e3f55fe" = Adobe After Effects CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Advanced PSD Repair v1.4" = Advanced PSD Repair v1.4
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.8
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"AviSynth" = AviSynth 2.5
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Carbonite Backup" = AVG Online Backup
"CCleaner" = CCleaner
"com.adobe.example.SpotifyAlarm.FC7B7B9D03C4E3E799BB0585DDD8729C451AF008.1" = SpotifyAlarm
"Crimson Editor" = Crimson Editor (remove only)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Defraggler" = Defraggler (remove only)
"Digsby" = Digsby
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2009-2010)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Ext2Fsd_is1" = Ext2Fsd 0.46
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Off-Helper_is1" = Off-Helper 2.00
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenAL" = OpenAL
"Photo Viewer" = Photo Viewer 2.3
"Rapport_msi" = Rapport
"Recuva" = Recuva (remove only)
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Seven Remix XP" = Seven Remix XP 2.0
"Smart Defrag_is1" = Smart Defrag 1.20
"Spotify" = Spotify
"Trapcode Particular" = Trapcode Particular
"TuneUpMedia" = TuneUp Companion 1.6.9
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server" = TVersity Media Server 1.7.2.1 Beta
"TVersity Media Server " = TVersity Media Server 1.0.0.11 RC7
"VLC Connection Utility_is1" = VLC Connection Utility 2.60
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = Gimp 2.6.1
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XCC Utilities" = XCC Utilities 1.46
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/05/2010 05:27:47 | Computer Name = WORLEY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x1129f1dd.

Error - 23/05/2010 05:33:53 | Computer Name = WORLEY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 23/05/2010 05:33:53 | Computer Name = WORLEY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 23/05/2010 05:33:53 | Computer Name = WORLEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 23/05/2010 05:33:53 | Computer Name = WORLEY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 23/05/2010 05:33:53 | Computer Name = WORLEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 23/05/2010 05:33:55 | Computer Name = WORLEY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 23/05/2010 05:33:55 | Computer Name = WORLEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 23/05/2010 05:33:55 | Computer Name = WORLEY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 23/05/2010 05:33:55 | Computer Name = WORLEY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 10/12/2008 12:11:07 | Computer Name = WORLEY-46B190B0 | Source = Service Control Manager | ID = 7023
Description = The KService service terminated with the following error: %%2147500037

Error - 10/12/2008 12:13:54 | Computer Name = WORLEY-46B190B0 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 10/12/2008 12:15:56 | Computer Name = WORLEY-46B190B0 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 10/12/2008 12:16:25 | Computer Name = WORLEY-46B190B0 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.11 for the Network Card with network
address 000FEAA0611C has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 11/12/2008 07:20:34 | Computer Name = WORLEY-46B190B0 | Source = Service Control Manager | ID = 7000
Description = The MGA Video Camera Device service failed to start due to the following
error: %%1058

Error - 11/12/2008 07:20:34 | Computer Name = WORLEY-46B190B0 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 11/12/2008 07:20:34 | Computer Name = WORLEY-46B190B0 | Source = Service Control Manager | ID = 7023
Description = The KService service terminated with the following error: %%2147500037

Error - 11/12/2008 07:21:35 | Computer Name = WORLEY-46B190B0 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 11/12/2008 07:21:36 | Computer Name = WORLEY-46B190B0 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 11/12/2008 07:24:13 | Computer Name = WORLEY-46B190B0 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >
mada360's Avatar
24-May-2010, 10:52 AM #5
GMER.log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-23 23:01:33
Windows 5.1.2600 Service Pack 3
Running: qvimenmm.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\uxtdqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\DRIVERS\termdd.sys entry point in ".rsrc" section [0xF7792214]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\system32\svchost.exe[584] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0096000A
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \FileSystem\Cdfs \Cdfs F6CB2400
Device -> \Driver\atapi \Device\Harddisk0\DR0 84DDECEC

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d3c321
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d3c321 @00124739ca3c 0xA4 0x3E 0xB8 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d3c321 @001fe31f7a0d 0x65 0xDC 0xB4 0x3D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d3c321 @001fcd31722a 0x87 0xFA 0x04 0xF6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d3c321 @0024905032c1 0x70 0xE5 0x5C 0xF2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d3c321 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d3c321@00124739ca3c 0xA4 0x3E 0xB8 0x6D ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d3c321@001fe31f7a0d 0x65 0xDC 0xB4 0x3D ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d3c321@001fcd31722a 0x87 0xFA 0x04 0xF6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d3c321@0024905032c1 0x70 0xE5 0x5C 0xF2 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs avgrsstx.dll WIKI.DLL ikkqrd.dll C:\WINDOWS\system32\jovulide.dll c:\windows\system32\vajoneyo.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\termdd.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
mada360's Avatar
Junior Member with 21 posts.
THREAD STARTER
 
Join Date: May 2010
Experience: Intermediate
24-May-2010, 11:03 AM #6
The logs are in the order you asked above, sorry for the late reply and the smileys in one of the logs.

My computer is running the same as it did before and I didn't get a rootkit message during the GMER scan; the OTL scan ran quite quickly but the GMER scan took around 6 hours, is this normal? (I ran the GMER scan in safe mode without networking and had no other windows open.)

Just some information for you: I have most of my files backed up on an external hard drive, but as you may have seen from my scans I have a partition (:O) on my hard drive; this is a basic backup of my system made using Windows. I also have an Ubuntu partition on my hard drive and it is set to dual-boot.
SweetTech's Avatar
Senior Member with 1,016 posts.
 
Join Date: Dec 1969
Location: Antarctica
24-May-2010, 11:10 AM #7
Hello,

GMER can take a couple hours to run in some cases.

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
__________________
Please Note: Unless notified in advance, any thread that has not been replied to within 3 days will be removed from my Subscribed Threads list.
mada360's Avatar
Junior Member with 21 posts.
THREAD STARTER
 
Join Date: May 2010
Experience: Intermediate
24-May-2010, 11:53 AM #8
Would it be easier/faster to run it in safe mode?
SweetTech's Avatar
Senior Member with 1,016 posts.
 
Join Date: Dec 1969
Location: Antarctica
24-May-2010, 11:56 AM #9
Please try to run it in Normal Mode.
mada360's Avatar
Junior Member with 21 posts.
THREAD STARTER
 
Join Date: May 2010
Experience: Intermediate
24-May-2010, 01:46 PM #10
ComboFix log file
ComboFix 10-05-23.08 - Julie 24/05/2010 18:04:46.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.47 [GMT 1:00]
Running from: c:\documents and settings\Julie\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Julie\Application Data\.#
C:\Thumbs.db
c:\windows\system32\RCX5A.tmp
c:\windows\system32\uuwctbkx.ini
c:\windows\Tasks.\lrzpvrig.job
c:\windows\Tasks.\lrzpvrig.job . . . . failed to delete

Infected copy of c:\windows\system32\drivers\termdd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI
-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.

2010-05-21 20:57 . 2010-05-21 20:57 200480 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-21 19:06 . 2010-05-21 19:06 -------- d-----w- c:\program files\Microsoft Research
2010-05-21 18:08 . 2010-05-21 18:08 -------- d-----w- c:\program files\Photosynth
2010-05-20 20:32 . 2010-05-20 20:32 -------- d-----w- c:\program files\Trend Micro
2010-05-14 16:16 . 2010-05-14 16:17 -------- d-----w- c:\program files\TuneUpMedia
2010-05-14 16:16 . 2010-05-14 17:02 -------- d-----w- c:\documents and settings\Julie\Application Data\TuneUpMedia
2010-05-14 16:11 . 2010-05-14 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-05-09 20:14 . 2010-05-23 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Hobbyist Software
2010-05-08 10:16 . 2010-05-10 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Driving Test Success
2010-05-08 10:16 . 2010-05-10 19:09 -------- d-----w- c:\program files\Driving Test Success - All Tests (2009-2010)
2010-05-05 18:57 . 2010-05-10 21:38 -------- d-----w- c:\documents and settings\Julie\Application Data\FileZilla
2010-04-26 19:08 . 2010-04-26 19:08 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\Sony
2010-04-26 19:08 . 2010-04-26 19:08 -------- d-----w- c:\documents and settings\Julie\Application Data\Sony

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 17:25 . 2010-01-28 16:36 -------- d-----w- c:\documents and settings\Julie\Application Data\Dropbox
2010-05-24 17:20 . 2009-01-04 11:48 602 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-05-24 15:32 . 2010-05-24 15:32 503808 ----a-w- c:\documents and settings\Julie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20498535-n\msvcp71.dll
2010-05-24 15:32 . 2010-05-24 15:32 499712 ----a-w- c:\documents and settings\Julie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20498535-n\jmc.dll
2010-05-24 15:32 . 2010-05-24 15:32 348160 ----a-w- c:\documents and settings\Julie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20498535-n\msvcr71.dll
2010-05-24 15:19 . 2008-07-12 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-21 19:07 . 2010-05-21 19:07 43385 ----a-r- c:\documents and settings\Julie\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_5760EA0C59009CA8D18846.exe
2010-05-21 19:07 . 2010-05-21 19:07 43385 ----a-r- c:\documents and settings\Julie\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_21F3885A18D238E15AAE81.exe
2010-05-21 19:07 . 2010-05-21 19:07 32579 ----a-r- c:\documents and settings\Julie\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_6FEFF9B68218417F98F549.exe
2010-05-21 18:50 . 2008-07-12 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-20 17:32 . 2008-07-12 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-05-16 18:00 . 2006-09-01 19:25 -------- d-----w- c:\documents and settings\Julie\Application Data\uTorrent
2010-05-15 23:25 . 2008-12-05 16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-14 16:17 . 2010-02-17 14:48 -------- d-----w- c:\program files\iTunes
2010-05-12 18:04 . 2006-08-03 14:11 -------- d-----w- c:\documents and settings\Julie\Application Data\gtk-2.0
2010-05-11 15:17 . 2009-04-16 21:41 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2010-05-06 19:18 . 2009-10-23 19:12 -------- d-----w- c:\program files\Opera
2010-05-02 19:57 . 2010-05-02 19:57 -------- d-----w- c:\program files\Free Audio Pack
2010-05-02 19:57 . 2010-05-02 19:57 -------- d-----w- c:\documents and settings\Julie\Application Data\FreeAudioPack
2010-04-29 14:39 . 2008-12-05 16:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2008-12-05 16:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 21:16 . 2008-07-12 16:02 -------- d-----w- c:\program files\Google
2010-04-26 19:11 . 2008-12-25 12:08 -------- d-----w- c:\program files\Sony
2010-04-26 19:03 . 2008-08-04 18:49 -------- d-----w- c:\program files\Pidgin
2010-04-23 21:18 . 2009-09-13 09:37 -------- d-----w- c:\program files\Digsby
2010-04-23 20:50 . 2006-09-01 14:20 -------- d-----w- c:\documents and settings\Julie\Application Data\Audacity
2010-04-23 20:41 . 2008-08-04 19:17 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-04-19 19:18 . 2008-08-26 13:32 -------- d-----w- c:\documents and settings\Julie\Application Data\vlc
2010-04-19 19:15 . 2010-03-20 15:40 -------- d-----w- c:\program files\Hobbyist Software
2010-04-17 20:50 . 2008-07-27 09:58 74408 ----a-w- c:\documents and settings\Julie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-15 10:42 . 2009-10-22 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-13 19:18 . 2010-04-13 19:18 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-04-13 11:51 . 2008-07-12 13:12 -------- d-----w- c:\program files\AVG
2010-04-13 11:33 . 2008-07-10 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-04-09 08:52 . 2006-07-30 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-04-07 18:04 . 2006-07-30 09:17 -------- d-----w- c:\program files\Kodak
2010-04-07 17:50 . 2008-07-11 16:52 -------- d-----w- c:\program files\Yahoo!
2010-04-07 14:20 . 2010-05-08 10:22 5728808 ----a-w- c:\documents and settings\All Users\Application Data\Driving Test Success\Downloads\DTSUpdate.exe
2010-04-05 21:34 . 2006-08-11 14:37 -------- d-----w- c:\documents and settings\Julie\Application Data\.purple
2010-03-30 20:12 . 2009-05-06 18:05 -------- d-----w- c:\documents and settings\Julie\Application Data\Spotify
2010-03-29 09:03 . 2008-07-15 16:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 21:46 . 2009-02-26 17:36 60688 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 19:02 . 2009-07-20 13:15 38784 ----a-w- c:\documents and settings\Julie\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2010-02-26 16:41 . 2010-02-26 16:41 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys
2010-02-26 16:41 . 2010-02-26 16:41 390528 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys
2010-02-26 16:41 . 2010-02-26 16:41 249856 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll
2010-02-26 16:14 . 2010-01-28 16:39 91696 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\Uninstall.exe
2010-02-26 16:07 . 2010-02-26 16:07 13264416 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\Dropbox.exe
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-09-09 19:07 . 2008-09-09 19:07 65590 --sha-w- c:\windows\system32\famatoge.dll.tmp
2008-09-09 19:07 . 2008-09-09 19:07 65590 --sha-w- c:\windows\system32\mahalemo.dll.tmp
2008-09-09 19:07 . 2008-09-09 19:07 65590 --sha-w- c:\windows\system32\wedusoha.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\Security\avg\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 11:58 1107200 ----a-w- c:\program files\Security\avg\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 21:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\Security\avg\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\Security\avg\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2008-09-30 22:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-09-30 22:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2008-09-30 22:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-20 133104]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\Security\avg\avgtray.exe" [2010-03-18 2046816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-09-30 600008]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Hobbyist Software On-Off Helper"="c:\program files\Hobbyist Software\Off-Helper\Off-Helper.exe" [2010-05-05 210432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Julie\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Julie\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 08:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 11:32 87352 ------w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 04:42 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2002-03-19 16:30 45632 ------w- c:\windows\system32\TaskSwitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2007-12-08 00:42 376832 ------w- c:\program files\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ext2 Volume Manager]
2008-05-24 12:29 1207440 ----a-w- c:\program files\Ext2Fsd\Ext2Mgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F5D9050]
2006-07-20 05:55 1617920 ------w- c:\program files\Belkin\F5D9050\Belkinwcui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 04:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 04:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 04:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 16:56 1032376 ------w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 08:00 1116920 ------w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
2009-07-02 08:22 2453264 ----a-w- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Security\\avg\\avgemc.exe"=
"c:\\Program Files\\Security\\avg\\avgupd.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Documents and Settings\\Julie\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Hobbyist Software\\Off-Helper\\Off-Helper.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Hobbyist Software\\Off-Helper\\Off-Service.exe"=
"c:\\Program Files\\Hobbyist Software\\Off-Helper\\mdnsresponder.exe"=
"c:\\Program Files\\Hobbyist Software\\Off-Helper\\dnssd-hobbyist.dll"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/07/2008 2:13 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/07/2008 2:13 PM 108552]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [21/08/2008 9:42 PM 651264]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [26/02/2010 5:41 PM 390528]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 2:47 PM 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 2:47 PM 116328]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [19/12/2001 11:45 AM 8576]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\Security\avg\avgemc.exe [12/07/2008 2:12 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\Security\avg\avgwdsvc.exe [12/07/2008 2:12 PM 297752]
R2 kqemu;kqemu driver;c:\windows\system32\drivers\kqemu.sys [06/02/2007 10:02 PM 123939]
R2 Off-Helper;Off-Helper;c:\program files\Hobbyist Software\Off-Helper\Off-Service.exe [09/05/2010 9:14 PM 32256]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 2:47 PM 779496]
R2 X4HSX32Ex;X4HSX32Ex;c:\program files\Metaboli Player\X4HSX32Ex.sys [18/07/2008 12:18 PM 29856]
R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10/06/2004 12:14 AM 502784]
R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [14/07/2008 7:51 PM 19968]
S2 Ca533av;MGA Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [03/08/2006 11:38 AM 515803]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/04/2010 10:16 PM 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 5:28 AM 4639136]
S3 P730C;P730C;c:\windows\system32\drivers\P730C.sys [18/08/2008 2:16 PM 25300]
S3 P730M;P730M;c:\windows\system32\drivers\P730M.sys [18/08/2008 2:16 PM 25300]
S3 P730U;P730U;c:\windows\system32\drivers\P730U.sys [18/08/2008 2:16 PM 49365]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2006-08-03 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2004-08-04 12:00]

2010-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-12 20:28]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 21:39]

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1004Core.job
- c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-20 17:40]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1004UA.job
- c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-20 17:40]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1012Core.job
- c:\documents and settings\Adam.WORLEY-46B190B0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-21 13:41]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1012UA.job
- c:\documents and settings\Adam.WORLEY-46B190B0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-21 13:41]

2010-05-24 c:\windows\Tasks\User_Feed_Synchronization-{87B8FE37-D887-4987-8C12-7790F9683185}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-05-24 c:\windows\Tasks\User_Feed_Synchronization-{8892A9E9-8D6A-4753-B8AD-26B5D41F345D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-05-24 c:\windows\Tasks\User_Feed_Synchronization-{CB794B10-EA7E-41C0-8BC5-B58A21901C34}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab
FF - ProfilePath - c:\documents and settings\Julie\Application Data\Mozilla\Firefox\Profiles\xhadvr10.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Julie\Application Data\Mozilla\Firefox\Profiles\xhadvr10.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Security\avg\Firefox\components\avgssff.dll
FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npExentCtl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{49C5A41D-225D-4792-B656-9873522697D3} - (no file)
BHO-{80bf2261-0374-43d1-a5a8-204f1ec384c6} - (no file)
BHO-{D6F5B312-EF0D-464D-A043-E6E08A35952C} - (no file)
Notify-rqRIbYro - (no file)
MSConfigStartUp-CPM4f968b04 - c:\windows\system32\vajoneyo.dll
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Lexmark 1200 Series - c:\program files\Lexmark 1200 Series\lxczbmgr.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-VMware hqtray - c:\program files\VMware\VMware Player\hqtray.exe
AddRemove-Mozilla Firefox (2.0.0.20) - e:\portableapps\FirefoxPortable\App\firefox\uninstall\helper.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 18:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(1136)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\documents and settings\Julie\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\Security\avg\avgrsx.exe
c:\progra~1\Security\avg\avgnsx.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\TVersity\Media Server\MediaServer.exe
c:\windows\system32\ufdsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Security\avg\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-24 18:39:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-24 17:39

Pre-Run: 39,646,416,896 bytes free
Post-Run: 39,755,513,856 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3C7163FCD596B56BA1A18EA836F1F708
mada360's Avatar
Junior Member with 21 posts.
THREAD STARTER
 
Join Date: May 2010
Experience: Intermediate
24-May-2010, 01:48 PM #11
*While running combofix it detected a rootkit and rebooted my system
SweetTech's Avatar
Senior Member with 1,016 posts.
 
Join Date: Dec 1969
Location: Antarctica
24-May-2010, 02:11 PM #12
Hello,

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
http://forums.techguy.org/7404412-post10.html
Collect::
c:\windows\system32\famatoge.dll.tmp
c:\windows\system32\mahalemo.dll.tmp
c:\windows\system32\wedusoha.dll.tmp

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push
  12. Push , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  13. Push the button.
  14. Push



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  1. Please reopen on your desktop.
  2. Copy and Paste the following bolded text into the textbox.

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180
  3. Push
  4. A report will open. Copy and Paste that report in your next reply.




NEXT:


Please make sure you include the following items in your next post:
1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ComboFix scan.
3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ESET Online Virus Scanner.
5. The log that was produced after running the OTL scan.
6. An update on how your computer is currently running.
It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.
__________________
Please Note: Unless notified in advance, any thread that has not been replied to within 3 days will be removed from my Subscribed Threads list.
mada360's Avatar
Junior Member with 21 posts.
THREAD STARTER
 
Join Date: May 2010
Experience: Intermediate
26-May-2010, 11:16 AM #13
Just had a load of error messages saying that all of my start up programs couldn't run and then my pc crashed. Yesterday I performed the Eset scan, which nearly took 7 hours to complete. I will be posting all the results at once after I have performed the OTL scan.
SweetTech's Avatar
Senior Member with 1,016 posts.
 
Join Date: Dec 1969
Location: Antarctica
26-May-2010, 11:19 AM #14
Okay.
mada360's Avatar
Junior Member with 21 posts.
THREAD STARTER
 
Join Date: May 2010
Experience: Intermediate
26-May-2010, 12:16 PM #15
ComboFix
2)
ComboFix 10-05-23.08 - Julie 24/05/2010 19:45:32.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.447.177 [GMT 1:00]
Running from: c:\documents and settings\Julie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Julie\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\windows\system32\famatoge.dll.tmp
file zipped: c:\windows\system32\mahalemo.dll.tmp
file zipped: c:\windows\system32\wedusoha.dll.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\famatoge.dll.tmp
c:\windows\system32\mahalemo.dll.tmp
c:\windows\system32\wedusoha.dll.tmp

.
((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.

2010-05-24 18:10 . 2010-05-24 18:36 -------- d-----w- c:\program files\freeSSHd
2010-05-21 20:57 . 2010-05-21 20:57 200480 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-21 19:06 . 2010-05-21 19:06 -------- d-----w- c:\program files\Microsoft Research
2010-05-21 18:08 . 2010-05-21 18:08 -------- d-----w- c:\program files\Photosynth
2010-05-20 20:32 . 2010-05-20 20:32 -------- d-----w- c:\program files\Trend Micro
2010-05-14 16:16 . 2010-05-14 16:17 -------- d-----w- c:\program files\TuneUpMedia
2010-05-14 16:16 . 2010-05-14 17:02 -------- d-----w- c:\documents and settings\Julie\Application Data\TuneUpMedia
2010-05-14 16:11 . 2010-05-14 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-05-09 20:14 . 2010-05-23 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Hobbyist Software
2010-05-08 10:16 . 2010-05-10 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Driving Test Success
2010-05-08 10:16 . 2010-05-10 19:09 -------- d-----w- c:\program files\Driving Test Success - All Tests (2009-2010)
2010-05-05 18:57 . 2010-05-10 21:38 -------- d-----w- c:\documents and settings\Julie\Application Data\FileZilla
2010-04-26 19:08 . 2010-04-26 19:08 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\Sony
2010-04-26 19:08 . 2010-04-26 19:08 -------- d-----w- c:\documents and settings\Julie\Application Data\Sony

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 17:43 . 2010-01-28 16:36 -------- d-----w- c:\documents and settings\Julie\Application Data\Dropbox
2010-05-24 17:20 . 2009-01-04 11:48 602 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-05-24 15:32 . 2010-05-24 15:32 503808 ----a-w- c:\documents and settings\Julie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20498535-n\msvcp71.dll
2010-05-24 15:32 . 2010-05-24 15:32 499712 ----a-w- c:\documents and settings\Julie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20498535-n\jmc.dll
2010-05-24 15:32 . 2010-05-24 15:32 348160 ----a-w- c:\documents and settings\Julie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20498535-n\msvcr71.dll
2010-05-24 15:19 . 2008-07-12 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-21 19:07 . 2010-05-21 19:07 43385 ----a-r- c:\documents and settings\Julie\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_5760EA0C59009CA8D18846.exe
2010-05-21 19:07 . 2010-05-21 19:07 43385 ----a-r- c:\documents and settings\Julie\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_21F3885A18D238E15AAE81.exe
2010-05-21 19:07 . 2010-05-21 19:07 32579 ----a-r- c:\documents and settings\Julie\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_6FEFF9B68218417F98F549.exe
2010-05-21 18:50 . 2008-07-12 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-20 17:32 . 2008-07-12 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-05-16 18:00 . 2006-09-01 19:25 -------- d-----w- c:\documents and settings\Julie\Application Data\uTorrent
2010-05-15 23:25 . 2008-12-05 16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-14 16:17 . 2010-02-17 14:48 -------- d-----w- c:\program files\iTunes
2010-05-12 18:04 . 2006-08-03 14:11 -------- d-----w- c:\documents and settings\Julie\Application Data\gtk-2.0
2010-05-11 15:17 . 2009-04-16 21:41 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2010-05-06 19:18 . 2009-10-23 19:12 -------- d-----w- c:\program files\Opera
2010-05-02 19:57 . 2010-05-02 19:57 -------- d-----w- c:\program files\Free Audio Pack
2010-05-02 19:57 . 2010-05-02 19:57 -------- d-----w- c:\documents and settings\Julie\Application Data\FreeAudioPack
2010-04-29 14:39 . 2008-12-05 16:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2008-12-05 16:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 21:16 . 2008-07-12 16:02 -------- d-----w- c:\program files\Google
2010-04-26 19:11 . 2008-12-25 12:08 -------- d-----w- c:\program files\Sony
2010-04-26 19:03 . 2008-08-04 18:49 -------- d-----w- c:\program files\Pidgin
2010-04-23 21:18 . 2009-09-13 09:37 -------- d-----w- c:\program files\Digsby
2010-04-23 20:50 . 2006-09-01 14:20 -------- d-----w- c:\documents and settings\Julie\Application Data\Audacity
2010-04-23 20:41 . 2008-08-04 19:17 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-04-19 19:18 . 2008-08-26 13:32 -------- d-----w- c:\documents and settings\Julie\Application Data\vlc
2010-04-19 19:15 . 2010-03-20 15:40 -------- d-----w- c:\program files\Hobbyist Software
2010-04-17 20:50 . 2008-07-27 09:58 74408 ----a-w- c:\documents and settings\Julie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-15 10:42 . 2009-10-22 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-13 19:18 . 2010-04-13 19:18 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-04-13 11:51 . 2008-07-12 13:12 -------- d-----w- c:\program files\AVG
2010-04-13 11:33 . 2008-07-10 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-04-09 08:52 . 2006-07-30 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-04-07 18:04 . 2006-07-30 09:17 -------- d-----w- c:\program files\Kodak
2010-04-07 17:50 . 2008-07-11 16:52 -------- d-----w- c:\program files\Yahoo!
2010-04-07 14:20 . 2010-05-08 10:22 5728808 ----a-w- c:\documents and settings\All Users\Application Data\Driving Test Success\Downloads\DTSUpdate.exe
2010-04-05 21:34 . 2006-08-11 14:37 -------- d-----w- c:\documents and settings\Julie\Application Data\.purple
2010-03-30 20:12 . 2009-05-06 18:05 -------- d-----w- c:\documents and settings\Julie\Application Data\Spotify
2010-03-29 09:03 . 2008-07-15 16:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 21:46 . 2009-02-26 17:36 60688 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 19:02 . 2009-07-20 13:15 38784 ----a-w- c:\documents and settings\Julie\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2010-02-26 16:41 . 2010-02-26 16:41 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys
2010-02-26 16:41 . 2010-02-26 16:41 390528 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys
2010-02-26 16:41 . 2010-02-26 16:41 249856 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll
2010-02-26 16:14 . 2010-01-28 16:39 91696 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\Uninstall.exe
2010-02-26 16:07 . 2010-02-26 16:07 13264416 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\Dropbox.exe
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\Security\avg\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 11:58 1107200 ----a-w- c:\program files\Security\avg\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 21:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\Security\avg\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\Security\avg\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2008-09-30 22:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-09-30 22:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2008-09-30 22:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-20 133104]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\Security\avg\avgtray.exe" [2010-03-18 2046816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-09-30 600008]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Hobbyist Software On-Off Helper"="c:\program files\Hobbyist Software\Off-Helper\Off-Helper.exe" [2010-05-05 210432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Julie\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Julie\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 08:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 11:32 87352 ------w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 04:42 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2002-03-19 16:30 45632 ------w- c:\windows\system32\TaskSwitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2007-12-08 00:42 376832 ------w- c:\program files\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ext2 Volume Manager]
2008-05-24 12:29 1207440 ----a-w- c:\program files\Ext2Fsd\Ext2Mgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F5D9050]
2006-07-20 05:55 1617920 ------w- c:\program files\Belkin\F5D9050\Belkinwcui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 04:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 04:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 04:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 16:56 1032376 ------w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 08:00 1116920 ------w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
2009-07-02 08:22 2453264 ----a-w- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Security\\avg\\avgemc.exe"=
"c:\\Program Files\\Security\\avg\\avgupd.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Documents and Settings\\Julie\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Hobbyist Software\\Off-Helper\\Off-Helper.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Hobbyist Software\\Off-Helper\\Off-Service.exe"=
"c:\\Program Files\\Hobbyist Software\\Off-Helper\\mdnsresponder.exe"=
"c:\\Program Files\\Hobbyist Software\\Off-Helper\\dnssd-hobbyist.dll"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/07/2008 2:13 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/07/2008 2:13 PM 108552]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [21/08/2008 9:42 PM 651264]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [26/02/2010 5:41 PM 390528]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 2:47 PM 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 2:47 PM 116328]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [19/12/2001 11:45 AM 8576]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\Security\avg\avgemc.exe [12/07/2008 2:12 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\Security\avg\avgwdsvc.exe [12/07/2008 2:12 PM 297752]
R2 kqemu;kqemu driver;c:\windows\system32\drivers\kqemu.sys [06/02/2007 10:02 PM 123939]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 2:47 PM 779496]
R2 X4HSX32Ex;X4HSX32Ex;c:\program files\Metaboli Player\X4HSX32Ex.sys [18/07/2008 12:18 PM 29856]
R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10/06/2004 12:14 AM 502784]
R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [14/07/2008 7:51 PM 19968]
S2 Ca533av;MGA Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [03/08/2006 11:38 AM 515803]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/04/2010 10:16 PM 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 Off-Helper;Off-Helper;c:\program files\Hobbyist Software\Off-Helper\Off-Service.exe [09/05/2010 9:14 PM 32256]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 5:28 AM 4639136]
S3 P730C;P730C;c:\windows\system32\drivers\P730C.sys [18/08/2008 2:16 PM 25300]
S3 P730M;P730M;c:\windows\system32\drivers\P730M.sys [18/08/2008 2:16 PM 25300]
S3 P730U;P730U;c:\windows\system32\drivers\P730U.sys [18/08/2008 2:16 PM 49365]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2006-08-03 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2004-08-04 12:00]

2010-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-12 20:28]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 21:39]

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1004Core.job
- c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-20 17:40]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1004UA.job
- c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-20 17:40]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1012Core.job
- c:\documents and settings\Adam.WORLEY-46B190B0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-21 13:41]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1012UA.job
- c:\documents and settings\Adam.WORLEY-46B190B0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-21 13:41]

2010-05-24 c:\windows\Tasks\User_Feed_Synchronization-{87B8FE37-D887-4987-8C12-7790F9683185}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-05-24 c:\windows\Tasks\User_Feed_Synchronization-{8892A9E9-8D6A-4753-B8AD-26B5D41F345D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-05-24 c:\windows\Tasks\User_Feed_Synchronization-{CB794B10-EA7E-41C0-8BC5-B58A21901C34}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab
FF - ProfilePath - c:\documents and settings\Julie\Application Data\Mozilla\Firefox\Profiles\xhadvr10.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Julie\Application Data\Mozilla\Firefox\Profiles\xhadvr10.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Security\avg\Firefox\components\avgssff.dll
FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npExentCtl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 20:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-05-24 20:08:45
ComboFix-quarantined-files.txt 2010-05-24 19:08
ComboFix2.txt 2010-05-24 17:39

Pre-Run: 39,807,184,896 bytes free
Post-Run: 39,793,197,056 bytes free

- - End Of File - - 3A200F4E772757F935003696BD7A01F8