
TR/Rootkit.Gen2

Discussion in 'Virus & Other Malware Removal' started by nov2897, Dec 11, 2011.

  1. nov2897

    nov2897 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    10
    I have/had this virus on my computer. It initially blocked me from doing just about anything on my computer. I was able to start the computer in Safe Mode and ran Spybot Search and Destroy. That seemed to remove some of the virus, but not all. On the next start-up, Spybot was immediately running and seemed to remove some more of the virus. I was then able to run Avira, which did find 10+ infected files but says they have since been removed to quarantine. I have run pcsafedoctor and it found a Trojan PE_Patch. No other programs found this. Not sure if this is related to the Rootkit.Gen2 or something completely different. I cannot turn on automatic updates on the computer, so one of these trojans or viruses is still on the machine. How can I get the computer clean and then also be able to turn back on automatic updates?

    Here is my computer info:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz, x86 Family 15 Model 4 Stepping 4
    Processor Count: 2
    RAM: 1022 Mb
    Graphics Card: RADEON X300 Series, 128 Mb
    Hard Drives: C: Total - 300795 MB, Free - 224279 MB; G: Total - 1907725 MB, Free - 1783900 MB;
    Motherboard: Dell Inc., 0X8582
    Antivirus: AntiVir Desktop, Updated: Yes, On-Demand Scanner: Enabled

    Running Windows XP.
     
  2. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Hello and welcome to Tech Support Guy.

    My name is km2357 and I will be helping you to remove any infection(s) that you may have.

    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    If for any reason you do not understand an instruction, or are just unsure, then please do not guess; simply post back with your questions/concerns and we will go through it again.

    Please do not start another thread or topic; I will assist you in this thread until we solve your problems.

    Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

    Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


    Step #1: Download and run DDS

    Download DDS and save it to your desktop from here or here or here
    Disable any script blocker, and then double-click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.


    Step #2: Download and run GMER

    Please download gmer.zip from GMER and save it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

    If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!

    Please post the results from the GMER scan in your reply.


    In your next post/reply, I need to see the following:

    1. The two DDS Logs (DDS and Attach.txt)
    2. The GMER Log

    Use multiple posts if you can't fit everything into one post.
     
  3. nov2897

    nov2897 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    10
    Thank you so much for helping me. Here is the information you requested.
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/25/2009 1:09:08 PM
    System Uptime: 12/18/2011 1:43:46 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0X8582
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 294 GiB total, 218.797 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    G: is FIXED (NTFS) - 1863 GiB total, 1742.09 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: TI Technologies Inc.
    Description: RADEON X300 Series Secondary
    Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&1A646D2D&0&0108
    Manufacturer: ATI Technologies Inc.
    Name: RADEON X300 Series Secondary
    PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&1A646D2D&0&0108
    Service: ati2mtag
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart C309a series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C309a series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP771: 9/20/2011 12:11:12 PM - System Checkpoint
    RP772: 9/21/2011 2:20:27 PM - System Checkpoint
    RP773: 9/22/2011 2:23:45 PM - System Checkpoint
    RP774: 9/23/2011 2:23:51 PM - System Checkpoint
    RP775: 9/24/2011 2:31:06 PM - System Checkpoint
    RP776: 9/25/2011 3:31:08 PM - System Checkpoint
    RP777: 9/26/2011 3:41:00 PM - System Checkpoint
    RP778: 9/27/2011 4:12:41 PM - System Checkpoint
    RP779: 9/28/2011 5:14:37 PM - System Checkpoint
    RP780: 9/28/2011 11:56:44 PM - Software Distribution Service 3.0
    RP781: 9/30/2011 10:50:45 AM - System Checkpoint
    RP782: 10/1/2011 10:51:46 AM - System Checkpoint
    RP783: 10/2/2011 11:22:17 AM - System Checkpoint
    RP784: 10/3/2011 12:11:49 PM - System Checkpoint
    RP785: 10/4/2011 1:15:48 PM - System Checkpoint
    RP786: 10/5/2011 1:21:47 PM - System Checkpoint
    RP787: 10/6/2011 1:29:45 PM - System Checkpoint
    RP788: 10/7/2011 2:07:10 PM - System Checkpoint
    RP789: 10/8/2011 2:39:33 PM - System Checkpoint
    RP790: 10/9/2011 2:44:30 PM - System Checkpoint
    RP791: 10/10/2011 4:12:48 PM - System Checkpoint
    RP792: 10/11/2011 5:39:46 PM - System Checkpoint
    RP793: 10/12/2011 5:59:49 PM - System Checkpoint
    RP794: 10/13/2011 3:00:17 AM - Software Distribution Service 3.0
    RP795: 10/14/2011 1:25:12 PM - System Checkpoint
    RP796: 10/15/2011 3:17:17 PM - System Checkpoint
    RP797: 10/16/2011 3:36:30 PM - System Checkpoint
    RP798: 10/17/2011 3:49:19 PM - System Checkpoint
    RP799: 10/18/2011 5:03:07 PM - System Checkpoint
    RP800: 10/19/2011 6:02:58 PM - System Checkpoint
    RP801: 10/20/2011 8:08:19 PM - System Checkpoint
    RP802: 10/21/2011 8:41:37 PM - System Checkpoint
    RP803: 10/22/2011 9:39:36 PM - System Checkpoint
    RP804: 10/23/2011 10:17:15 PM - System Checkpoint
    RP805: 10/25/2011 8:05:23 AM - System Checkpoint
    RP806: 10/26/2011 9:24:53 AM - System Checkpoint
    RP807: 10/27/2011 10:02:17 AM - System Checkpoint
    RP808: 10/28/2011 10:30:20 AM - System Checkpoint
    RP809: 10/29/2011 10:53:00 AM - System Checkpoint
    RP810: 10/30/2011 11:15:32 AM - System Checkpoint
    RP811: 10/31/2011 11:51:02 AM - System Checkpoint
    RP812: 11/1/2011 11:59:46 AM - System Checkpoint
    RP813: 11/2/2011 1:02:52 PM - System Checkpoint
    RP814: 11/3/2011 1:30:19 PM - System Checkpoint
    RP815: 11/4/2011 2:03:34 PM - System Checkpoint
    RP816: 11/5/2011 2:23:50 PM - System Checkpoint
    RP817: 11/6/2011 1:29:05 PM - System Checkpoint
    RP818: 11/7/2011 2:24:20 PM - System Checkpoint
    RP819: 11/8/2011 5:09:53 PM - System Checkpoint
    RP820: 11/9/2011 5:11:59 PM - System Checkpoint
    RP821: 11/9/2011 11:03:31 PM - Software Distribution Service 3.0
    RP822: 11/11/2011 11:46:42 AM - System Checkpoint
    RP823: 11/11/2011 11:06:03 PM - Software Distribution Service 3.0
    RP824: 11/13/2011 9:27:05 AM - System Checkpoint
    RP825: 11/14/2011 9:27:25 AM - System Checkpoint
    RP826: 11/15/2011 9:38:22 AM - System Checkpoint
    RP827: 11/16/2011 10:36:00 AM - System Checkpoint
    RP828: 11/17/2011 10:39:36 AM - System Checkpoint
    RP829: 11/18/2011 11:27:56 AM - System Checkpoint
    RP830: 11/19/2011 11:45:51 AM - System Checkpoint
    RP831: 1/19/2011 4:04:20 PM - System Checkpoint
    RP832: 11/20/2011 1:00:15 PM - System Checkpoint
    RP833: 11/21/2011 1:06:44 PM - System Checkpoint
    RP834: 11/22/2011 2:05:23 PM - System Checkpoint
    RP835: 11/23/2011 2:34:20 PM - System Checkpoint
    RP836: 11/24/2011 8:31:27 PM - System Checkpoint
    RP837: 11/25/2011 9:05:59 PM - System Checkpoint
    RP838: 11/27/2011 8:56:12 AM - System Checkpoint
    RP839: 11/28/2011 1:42:52 PM - System Checkpoint
    RP840: 11/29/2011 2:02:37 PM - System Checkpoint
    RP841: 11/30/2011 3:06:52 PM - System Checkpoint
    RP842: 12/1/2011 3:26:50 PM - System Checkpoint
    RP843: 12/2/2011 3:42:33 PM - System Checkpoint
    RP844: 12/3/2011 4:10:01 PM - System Checkpoint
    RP845: 12/4/2011 4:31:49 PM - System Checkpoint
    RP846: 12/5/2011 4:39:25 PM - System Checkpoint
    RP847: 12/6/2011 5:35:53 PM - System Checkpoint
    RP848: 12/7/2011 6:20:04 PM - System Checkpoint
    RP849: 12/7/2011 10:15:40 PM - RegClean Pro Wed, Dec 07, 11 22:15
    RP850: 12/8/2011 10:31:14 PM - System Checkpoint
    RP851: 12/9/2011 11:09:59 PM - System Checkpoint
    RP852: 12/10/2011 11:08:34 AM - Restore Operation
    RP853: 12/10/2011 3:47:18 PM - System Checkpoint
    RP854: 12/10/2011 4:31:13 PM - Restore Operation
    RP855: 12/11/2011 8:01:54 PM - System Checkpoint
    RP856: 12/12/2011 9:37:24 AM - FiOS Installation
    RP857: 12/12/2011 12:46:31 PM - Restore Operation
    RP858: 12/12/2011 4:27:27 PM - Installed Vz In Home Agent.
    RP859: 12/13/2011 5:22:58 PM - System Checkpoint
    RP860: 12/14/2011 7:08:49 PM - System Checkpoint
    RP861: 12/15/2011 7:18:31 PM - System Checkpoint
    RP862: 12/16/2011 7:44:10 PM - System Checkpoint
    RP863: 12/17/2011 7:57:22 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    4 Elements
    4500_Help
    Acrobat.com
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.4.6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Autodesk DWF Viewer
    Avira AntiVir Personal - Free Antivirus
    Bing Bar
    BlackBerry® Media Sync
    Bonjour
    BPD_HPSU
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Burn4Free CD & DVD 5.1.0.0
    C309a
    Carbonite
    CDBurnerXP
    Clone Wars
    Coupon Printer for Windows
    Creative Audio Console
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative WaveStudio 7
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DiscAPI
    DocMgr
    DocProc
    DVD Shrink 3.2
    DVDFab 8.0.8.5 (19/03/2011)
    EPSON Printer Software
    EPSON Scan
    Fax
    Google Earth Plug-in
    Google Update Helper
    GPBaseService2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 12.0
    HP Document Manager 1.0
    HP Imaging Device Functions 12.0
    HP Officejet J4500 Series
    HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
    HP Photosmart Essential 3.5
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    HPDiagnosticAlert
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    IHA_MessageCenter
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) PRO Network Connections Drivers
    iTunes
    J4500
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 24
    KODAK Gallery Upload Software
    LightScribe 1.4.142.1
    Logitech Vid
    Logitech Webcam Software
    MarketResearch
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Silverlight
    Microsoft Streets and Trips 2005
    Microsoft UI Engine
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Word 2000
    MSVCSetup
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Essentials
    neroxml
    Network
    OCR Software by I.R.I.S. 12.0
    OpenOffice.org 3.3
    OverDrive Media Console
    Panda ActiveScan 2.0
    Pinnacle Hollywood FX for Studio
    Pinnacle Instant DVD Recorder
    ProductContext
    PS_AIO_05_C309_Software_Min
    QuickTime
    RAPID
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SecurityScan
    Shop for HP Supplies
    Skype™ 5.5
    SmartSound Quicktracks Plugin
    SmartWebPrinting
    SolutionCenter
    Spybot - Search & Destroy
    Status
    Studio 10
    Studio 10 Bonus DVD
    TomTom HOME 2.8.2.2264
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Vz In Home Agent
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/12/2011 2:15:35 PM, error: VolSnap [20] - The shadow copy of volume C: was aborted because of a failed free space computation.
    12/12/2011 12:56:57 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: An instance of the service is already running.
    12/11/2011 8:39:09 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    12/11/2011 8:38:59 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'redbook.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    12/11/2011 7:22:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    .
    ==== End Of File ===========================
    Here is the dds.txt info:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by John Meyer at 13:51:40 on 2011-12-18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.151 [GMT -5:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Creative\Shared Files\CTSched.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\McAfee Security Scan\2.1.119\SSScheduler.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {597A9974-8CB0-4f41-B61F-ED065738A397} - No File
    BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
    uRun: [MaxMySpeed Registry Cleaner] c:\program files\cyberdefender\registry scanner\CDregclean.exe
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [<NO NAME>]
    mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\securi~1.lnk - c:\program files\mcafee security scan\2.1.119\SSScheduler.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: mswsock.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
    DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.nassaucountyny.gov/mynassauproperty/autodesk/DwfViewerSetup.exe
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.disneyphotopass.com/software/ImageUploader4.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
    DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D0C29D8E-305B-4B32-988D-DAD2DF869FC2} : DhcpNameServer = 192.168.1.1
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-12-10 28552]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-1 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-1 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-1 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-30 66616]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-10-28 286736]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
    R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-22 136176]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-6-23 79360]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-22 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.119\McCHSvc.exe [2010-3-8 227232]
    S3 RkHit;RkHit;c:\windows\system32\drivers\RKHit.sys [2011-12-11 34736]
    .
    =============== Created Last 30 ================
    .
    2011-12-16 16:12:40 -------- d-----w- c:\program files\common files\Autodesk Shared
    2011-12-16 16:12:35 -------- d-----w- c:\program files\Autodesk
    2011-12-16 02:47:22 -------- d-----w- c:\program files\iPod
    2011-12-16 02:47:07 -------- d-----w- c:\program files\iTunes
    2011-12-12 21:10:29 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
    2011-12-12 21:10:21 -------- d-----w- c:\program files\McAfee Security Scan
    2011-12-12 17:55:33 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
    2011-12-12 17:55:33 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2011-12-12 17:47:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-12-12 17:47:22 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-12 15:34:27 260 ----a-w- c:\windows\system32\cmdVBS.vbs
    2011-12-12 15:34:27 256 ----a-w- c:\windows\system32\MSIevent.bat
    2011-12-12 15:34:06 -------- d-----w- c:\program files\Verizon
    2011-12-12 14:37:10 -------- d-----w- c:\documents and settings\john meyer\application data\TechWizard
    2011-12-12 03:33:57 34736 ----a-w- c:\windows\system32\drivers\RKHit.sys
    2011-12-12 03:33:56 -------- d-----w- c:\program files\PCSafeDoctor
    2011-12-11 01:37:43 328192 ----a-w- c:\documents and settings\john meyer\local settings\application data\cfe.exe
    2011-12-11 01:08:54 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2011-12-10 21:55:28 -------- d-----w- c:\program files\Panda Security
    2011-12-08 03:31:34 -------- d-----w- c:\program files\RegZooka
    2011-12-08 03:27:47 2424 ----a-w- c:\windows\system32\ASOROSet.bin
    2011-12-08 03:10:03 -------- d-----w- c:\documents and settings\john meyer\application data\Systweak
    2011-12-08 03:09:52 -------- d-----w- c:\documents and settings\john meyer\local settings\application data\RewardsArcade
    2011-12-08 03:09:48 17280 ----a-w- c:\windows\system32\roboot.exe
    2011-12-08 03:09:48 -------- d-----w- c:\program files\RewardsArcade
    .
    ==================== Find3M ====================
    .
    2011-11-16 13:25:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-02 13:56:09 398760 ----a-r- c:\windows\system32\cpnprt2.cid
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 13:53:02.07 ===============
    Here is the gmer.log.
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-18 20:28:11
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
    Running: gmer.exe; Driver: C:\DOCUME~1\JOHNME~1\LOCALS~1\Temp\kwndypod.sys

    ---- System - GMER 1.0.15 ----
    SSDT B25232BC ZwClose
    SSDT B2523276 ZwCreateKey
    SSDT B25232C6 ZwCreateSection
    SSDT B252326C ZwCreateThread
    SSDT B252327B ZwDeleteKey
    SSDT B2523285 ZwDeleteValueKey
    SSDT B25232B7 ZwDuplicateObject
    SSDT B252328A ZwLoadKey
    SSDT B2523258 ZwOpenProcess
    SSDT B252325D ZwOpenThread
    SSDT B2523294 ZwReplaceKey
    SSDT B252328F ZwRestoreKey
    SSDT B25232CB ZwSetContextThread
    SSDT B2523280 ZwSetValueKey
    SSDT B2523267 ZwTerminateProcess
    ---- Kernel code sections - GMER 1.0.15 ----
    init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7825720]
    ---- User IAT/EAT - GMER 1.0.15 ----
    IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01C42F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01C42C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01C42CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01C42CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F12F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F12C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F12CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F12CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Fastfat \Fat A9437D20
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] 0x2E 0xE8 0xE1 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] 0x6A 0x9C 0xD6 0x61 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] 0x25 0xDA 0xEC 0x7E ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] 0x86 0x8C 0x21 0x01 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] 0xCD 0x44 0xCD 0xB9 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] 0xDF 0x20 0x58 0x62 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] 0x31 0x77 0xE1 0xBA ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] 0x83 0x6C 0x56 0x8B ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] 0xF6 0x0F 0x4E 0x58 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] 0x3D 0xCE 0xEA 0x26 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] 0xE3 0x0E 0x66 0xD5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] 0xFA 0xEA 0x66 0x7F ...
    ---- Files - GMER 1.0.15 ----
    File C:\WINDOWS\$NtUninstallKB38200$\233085148 0 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\bckfg.tmp 851 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\cfg.ini 208 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\keywords 325 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\kwrd.dll 223744 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\L\iumbaodn 57600 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\lsflt7.ver 5176 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\U\[email protected] 2048 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\U\[email protected] 224768 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\U\[email protected] 1024 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\U\[email protected] 1024 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\U\[email protected] 12800 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\233085148\U\[email protected] 98304 bytes
    File C:\WINDOWS\$NtUninstallKB38200$\2870124694 0 bytes
     
  4. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Step # 1: Disable Teatimer

    Spybot S&D's TeaTimer normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

    This is a two step process.
    First step:
    • Right-click the Spybot icon in the System Tray (it looks like a blue/white calendar with a padlock symbol).
    • If you have version 1.5 or 1.6, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
    • If you have version 1.4, click on Exit Spybot S&D Resident.

    Second step, for either version:
    • Open Spybot S&D.
    • Click Mode, then choose Advanced Mode.
    • Go to the bottom of the vertical panel on the left and click Tools.
    • Then, also in the left panel, click Resident (it shows a red/white shield).
    • If your firewall raises a question, say OK.
    • In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer" (Protection of over-all system settings) active.
    • OK any prompts.
    • Use File, Exit to terminate Spybot.
    • Reboot your machine for the changes to take effect.

    Step # 2: Download and Run ComboFix

    We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.
     
  5. nov2897

    nov2897 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    10
    ComboFix 11-12-19.01 - John Meyer 12/19/2011 9:28.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.542 [GMT -5:00]
    Running from: c:\documents and settings\John Meyer\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\John Meyer\Application Data\inst.exe
    c:\documents and settings\John Meyer\Application Data\Start
    c:\documents and settings\John Meyer\Application Data\Start\temp_20E5ACDA\flash.10.0.32.18.ocx
    c:\documents and settings\John Meyer\GoToAssistDownloadHelper.exe
    c:\documents and settings\John Meyer\Local Settings\Application Data\cfe.exe
    c:\program files\RewardsArcade
    c:\program files\RewardsArcade\appAPIinternalWrapper.js
    c:\program files\RewardsArcade\fb.js
    c:\program files\RewardsArcade\jquery.js
    c:\program files\RewardsArcade\json.js
    c:\program files\RewardsArcade\RewardsArcade.dll
    c:\program files\RewardsArcade\RewardsArcade.exe
    c:\program files\RewardsArcade\Uninstall.exe
    c:\program files\RewardsArcade\UserConfirmation.exe
    c:\windows\$NtUninstallKB38200$
    c:\windows\$NtUninstallKB38200$\233085148\@
    c:\windows\$NtUninstallKB38200$\233085148\bckfg.tmp
    c:\windows\$NtUninstallKB38200$\233085148\cfg.ini
    c:\windows\$NtUninstallKB38200$\233085148\Desktop.ini
    c:\windows\$NtUninstallKB38200$\233085148\keywords
    c:\windows\$NtUninstallKB38200$\233085148\kwrd.dll
    c:\windows\$NtUninstallKB38200$\233085148\L\iumbaodn
    c:\windows\$NtUninstallKB38200$\233085148\lsflt7.ver
    c:\windows\$NtUninstallKB38200$\233085148\U\[email protected]
    c:\windows\$NtUninstallKB38200$\233085148\U\[email protected]
    c:\windows\$NtUninstallKB38200$\233085148\U\[email protected]
    c:\windows\$NtUninstallKB38200$\233085148\U\[email protected]
    c:\windows\$NtUninstallKB38200$\233085148\U\[email protected]
    c:\windows\$NtUninstallKB38200$\233085148\U\[email protected]
    c:\windows\$NtUninstallKB38200$\2870124694
    c:\windows\Downloaded Program Files\popcaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\EventSystem.log
    c:\windows\system32\drivers\RKHit.sys
    G:\autorun.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_RKHIT
    -------\Service_RkHit
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-16 16:12 . 2011-12-16 16:12 -------- d-----w- c:\program files\Common Files\Autodesk Shared
    2011-12-16 16:12 . 2011-12-16 16:12 -------- d-----w- c:\program files\Autodesk
    2011-12-16 02:47 . 2011-12-16 02:47 -------- d-----w- c:\program files\iPod
    2011-12-16 02:47 . 2011-12-16 02:48 -------- d-----w- c:\program files\iTunes
    2011-12-13 21:12 . 2011-12-13 21:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
    2011-12-12 21:10 . 2011-12-12 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
    2011-12-12 21:10 . 2011-12-12 21:10 -------- d-----w- c:\program files\McAfee Security Scan
    2011-12-12 21:07 . 2011-12-12 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2011-12-12 17:55 . 2008-04-14 05:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
    2011-12-12 17:55 . 2008-04-14 05:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2011-12-12 17:47 . 2011-12-12 17:47 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-12 15:34 . 2011-12-12 21:05 256 ----a-w- c:\windows\system32\MSIevent.bat
    2011-12-12 15:34 . 2011-12-12 21:05 260 ----a-w- c:\windows\system32\cmdVBS.vbs
    2011-12-12 15:34 . 2011-12-12 15:34 -------- d-----w- c:\program files\Verizon
    2011-12-12 14:37 . 2011-12-12 15:33 -------- d-----w- c:\documents and settings\John Meyer\Application Data\TechWizard
    2011-12-12 03:33 . 2011-12-16 18:09 -------- d-----w- c:\program files\PCSafeDoctor
    2011-12-11 01:08 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2011-12-10 21:55 . 2011-12-10 21:55 -------- d-----w- c:\program files\Panda Security
    2011-12-10 20:23 . 2011-12-10 20:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2011-12-10 20:17 . 2011-12-10 20:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-12-10 17:36 . 2011-12-10 17:41 -------- d-----w- c:\documents and settings\Administrator.JOHN-0E3D4B5DE9
    2011-12-08 03:31 . 2011-12-08 03:41 -------- d-----w- c:\program files\RegZooka
    2011-12-08 03:27 . 2011-12-08 03:44 2424 ----a-w- c:\windows\system32\ASOROSet.bin
    2011-12-08 03:10 . 2011-12-08 03:30 -------- d-----w- c:\documents and settings\John Meyer\Application Data\Systweak
    2011-12-08 03:09 . 2011-12-08 03:09 -------- d-----w- c:\documents and settings\John Meyer\Local Settings\Application Data\RewardsArcade
    2011-12-08 03:09 . 2011-11-19 16:52 17280 ----a-w- c:\windows\system32\roboot.exe
    2011-11-22 16:51 . 2011-11-22 16:51 -------- d-----w- c:\program files\Google
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-16 13:25 . 2011-05-21 12:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-10 14:22 . 2009-09-25 17:03 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-02 13:56 . 2011-10-02 13:56 398760 ----a-r- c:\windows\system32\cpnprt2.cid
    2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-07 149040]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
    "EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
    "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
    "CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-16 153136]
    "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    SecurityScan.lnk - c:\program files\McAfee Security Scan\2.1.119\SSScheduler.exe [2010-3-8 255536]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\BackupData\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "50000:UDP"= 50000:UDP:IHA_MessageCenter
    .
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/10/2011 8:08 PM 28552]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/1/2009 8:14 PM 136360]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/28/2011 6:20 PM 286736]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
    R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/5/2009 8:09 PM 47360]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 11:51 AM 136176]
    S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 5:44 PM 183560]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/23/2010 8:10 AM 79360]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 11:51 AM 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.119\McCHSvc.exe [3/8/2010 10:39 AM 227232]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 16:51]
    .
    2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 16:51]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-MaxMySpeed Registry Cleaner - c:\program files\CyberDefender\Registry Scanner\CDregclean.exe
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-19 09:48
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTHelper = CTHELPER.EXE?
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(4028)
    c:\windows\system32\WININET.dll
    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-19 09:57:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-19 14:57
    .
    Pre-Run: 234,801,840,128 bytes free
    Post-Run: 235,290,406,912 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 781406898D047BB163E72BE5DC066470
     
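    The ComboFix and DDS output above lists every service, driver and Run value on the machine, and the helper's job is to pick out the handful worth a second look. As an added example (not from this thread, and not code from ComboFix or DDS), the script below applies three cheap triage rules to those line formats: a service whose binary is reported missing (`[?]`), a Run value that is only a bare filename (like the `CTHelper = CTHELPER.EXE?` entry catchme flagged, which Windows resolves through the search path), an empty Run value, and any binary that lives under a user-writable directory. The sample lines are copied from the logs above except the last one, which is constructed to exercise the user-directory rule.

```python
"""Triage helper for ComboFix/DDS 'services/drivers' and 'Run' lines.
Added example for this thread; not part of ComboFix, DDS or catchme.
Sample lines are taken from the posted logs plus one constructed entry."""
import re

# Reasons reported by triage(); kept as constants so callers can match on them.
MISSING = "service binary not found on disk ([?])"
BARE = "Run value is a bare filename, resolved through the search path"
EMPTY = "Run value has no command"
USERDIR = "binary lives under a user-writable directory"

# "R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/10/2011 8:08 PM 28552]"
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# "mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min"
# uRun = HKCU (per-user) Run key, mRun = HKLM (machine-wide) Run key.
RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Locations a limited user (or malware running as one) can write to on XP.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\",
                 "\\application data\\", "\\local settings\\")


def _executable(cmd):
    """Return the program part of a Run command, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted path: cut at the first ".exe" so spaces in the path survive.
    m = re.match(r"(?i)(.*?\.exe)(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def _service_path(rest):
    """Strip the trailing '[date size]' / '[?]' field and the '\\??\\x --> y' form."""
    path = rest.rsplit(" [", 1)[0]
    if " --> " in path:
        path = path.split(" --> ", 1)[1]
    return path.strip()


def triage(lines):
    """Return a list of (entry name, reason) tuples for lines worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.rstrip().endswith("[?]"):
                findings.append((m.group("name"), MISSING))
            elif any(p in _service_path(rest).lower() for p in USER_WRITABLE):
                findings.append((m.group("name"), USERDIR))
            continue
        m = RUN_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd").strip()
            if not cmd:
                findings.append((name, EMPTY))
                continue
            exe = _executable(cmd)
            if "\\" not in exe:
                findings.append((name, BARE))
            elif any(p in exe.lower() for p in USER_WRITABLE):
                findings.append((name, USERDIR))
    return findings


# First six lines are from the posted logs; the last one is constructed.
SAMPLE = r"""
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/10/2011 8:08 PM 28552]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [CTHelper] CTHELPER.EXE
mRun: [<NO NAME>]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ExampleUpdater] c:\documents and settings\user\local settings\temp\updater.exe
""".strip().splitlines()

if __name__ == "__main__":
    for name, reason in triage(SAMPLE):
        print(f"{name}: {reason}")
```

    Nothing this flags is automatically malicious: `RkHit` is the leftover of a rootkit scanner's driver, and `CTHELPER.EXE` is Creative's audio helper, which is why catchme only marked it with a question mark. The point is to reduce a few hundred lines to the entries that need a file-on-disk check or a lookup, which is what the helper does by hand in the replies that follow.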
  6. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Step # 1 Update Java

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u30.
    • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Remove the following old versions of Java:

    • Java(TM) 6 Update 22
    • Java(TM) 6 Update 24

    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • From your desktop double-click on the download to install the newest version.




    Step # 2 Download and Run CCleaner

    Download CCleaner from here to clean temp files from your computer.
    • Double click on the ccsetup.exe file to start the installation of the program.
    • Select your language and click OK, then next.
    • Read the license agreement and click I Agree.
    • Click next to use the default install location.
    • Under Install Options, keep all the default settings, except that I would recommend you untick "Install the Yahoo! Toolbar" unless you want it. You can also uncheck the "Automatically check for updates" box.
    • Click Install then finish to complete installation.
    • Double click the CCleaner shortcut on the desktop to start the program.
    • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
    • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
    • Click on the "Options" icon at the left side of the window, then click on "Advanced" and deselect "Only delete files in Windows Temp folders older than 24 hours."
    • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
    • After CCleaner has completed its process, click Exit.




    Step # 3 Download and Run Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    In your next post/reply, I need to see the following:

    1. MalwareBytes' Log
    2. A fresh DDS Log
     
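    The MBAM report the helper asks for has a fixed shape: a header, a block of "X Infected: N" totals, then one section per category listing each item as `object (Detection) -> Action.` Two things a helper checks by eye are whether the pasted log is complete (the listed items should add up to the declared totals) and whether any item is marked "Delete on reboot", which is the case where the restart mentioned in the Extra Note actually matters. As an added example (not from this thread and not Malwarebytes' own code), the parser below does both checks. The sample log is constructed from the format of the report posted further down, shortened and with one file line deliberately left out so the completeness check fires.

```python
"""Parser for Malwarebytes' Anti-Malware report files (2011-era text format).
Added example for this thread; not part of MBAM. The sample report below is
constructed from the posted log's format with shortened item lists."""
import re
from collections import Counter

# "Folders Infected: 14"  (summary block near the top of the report)
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s+(?P<count>\d+)$")
# "c:\...\rewardsarcade (PUP.RewardsArcade) -> Delete on reboot."
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return declared totals, items actually listed, detection names and
    whether any item still needs the reboot to be removed."""
    declared, found, detections = {}, Counter(), Counter()
    reboot_needed = False
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m.group("section")] = int(m.group("count"))
            continue
        if line.endswith(" Infected:"):        # start of an item section
            section = line[:-1]
            continue
        if line == "(No malicious items detected)":
            continue
        m = ITEM_RE.match(line)
        if m and section:
            found[section] += 1
            detections[m.group("detection")] += 1
            if m.group("action").lower().startswith("delete on reboot"):
                reboot_needed = True
    return {"declared": declared, "found": dict(found),
            "detections": dict(detections), "reboot_needed": reboot_needed}


def incomplete_sections(report):
    """Sections whose listed items do not match the declared total
    (a truncated paste, or a log edited before posting)."""
    return [s for s, n in report["declared"].items()
            if report["found"].get(s, 0) != n]


# Constructed sample: same layout as the posted report, fewer items,
# and "Files Infected" declares 3 while only 2 lines follow.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8399
Windows 5.1.2600 Service Pack 3
Scan type: Quick scan
Objects scanned: 196345
Time elapsed: 8 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\documents and settings\user\local settings\application data\rewardsarcade (PUP.RewardsArcade) -> Delete on reboot.
c:\documents and settings\user\local settings\application data\rewardsarcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\user\local settings\application data\rewardsarcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\user\local settings\application data\rewardsarcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    report = parse_mbam_log(SAMPLE_LOG)
    print("detections:", report["detections"])
    print("reboot needed:", report["reboot_needed"])
    print("incomplete sections:", incomplete_sections(report))
```

    A "Delete on reboot" result means MBAM could not remove the object while it was in use and has scheduled the removal for the next boot, so a fresh scan taken before that reboot will still show it; that is the situation the Extra Note above is written for.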
  7. nov2897

    nov2897 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    10
    Here are the 3 logs you requested:
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org
    Database version: 8399
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    12/19/2011 5:39:33 PM
    mbam-log-2011-12-19 (17-39-33).txt
    Scan type: Quick scan
    Objects scanned: 196345
    Time elapsed: 8 minute(s), 43 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 14
    Files Infected: 39
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade (PUP.RewardsArcade) -> Delete on reboot.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    Files Infected:
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.

    Here is the dds
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by John Meyer at 18:40:15 on 2011-12-19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.329 [GMT -5:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Creative\Shared Files\CTSched.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\McAfee Security Scan\2.1.119\SSScheduler.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\securi~1.lnk - c:\program files\mcafee security scan\2.1.119\SSScheduler.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
    DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.nassaucountyny.gov/mynassauproperty/autodesk/DwfViewerSetup.exe
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.disneyphotopass.com/software/ImageUploader4.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
    DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D0C29D8E-305B-4B32-988D-DAD2DF869FC2} : DhcpNameServer = 192.168.1.1
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-1 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-1 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-1 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-30 66616]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-10-28 286736]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-19 366152]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
    R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-19 22216]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-22 136176]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-6-23 79360]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-22 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.119\McCHSvc.exe [2010-3-8 227232]
    S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-19 22:22:38 -------- d-----w- c:\documents and settings\john meyer\application data\Malwarebytes
    2011-12-19 22:22:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-12-19 22:22:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-19 22:22:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-19 22:18:15 -------- d-----w- c:\program files\CCleaner
    2011-12-19 20:59:56 -------- d-----w- c:\program files\Ask.com
    2011-12-19 20:59:55 -------- d-----w- c:\documents and settings\john meyer\local settings\application data\AskToolbar
    2011-12-19 20:48:26 -------- d-----w- c:\documents and settings\all users\application data\Ask
    2011-12-19 20:47:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-19 14:16:28 -------- d-sha-r- C:\cmdcons
    2011-12-19 14:14:42 256000 ----a-w- c:\windows\PEV.exe
    2011-12-19 14:14:42 208896 ----a-w- c:\windows\MBR.exe
    2011-12-19 14:14:41 98816 ----a-w- c:\windows\sed.exe
    2011-12-19 14:14:41 518144 ----a-w- c:\windows\SWREG.exe
    2011-12-16 16:12:35 -------- d-----w- c:\program files\Autodesk
    2011-12-16 02:47:22 -------- d-----w- c:\program files\iPod
    2011-12-16 02:47:07 -------- d-----w- c:\program files\iTunes
    2011-12-12 21:10:29 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
    2011-12-12 21:10:21 -------- d-----w- c:\program files\McAfee Security Scan
    2011-12-12 17:55:33 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
    2011-12-12 17:55:33 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2011-12-12 17:47:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-12-12 17:47:22 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-12 15:34:27 260 ----a-w- c:\windows\system32\cmdVBS.vbs
    2011-12-12 15:34:27 256 ----a-w- c:\windows\system32\MSIevent.bat
    2011-12-12 15:34:06 -------- d-----w- c:\program files\Verizon
    2011-12-12 14:37:10 -------- d-----w- c:\documents and settings\john meyer\application data\TechWizard
    2011-12-10 21:55:28 -------- d-----w- c:\program files\Panda Security
    2011-12-08 03:31:34 -------- d-----w- c:\program files\RegZooka
    2011-12-08 03:27:47 2424 ----a-w- c:\windows\system32\ASOROSet.bin
    2011-12-08 03:10:03 -------- d-----w- c:\documents and settings\john meyer\application data\Systweak
    2011-12-08 03:09:48 17280 ----a-w- c:\windows\system32\roboot.exe
    .
    ==================== Find3M ====================
    .
    2011-12-19 20:47:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-16 13:25:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-02 13:56:09 398760 ----a-r- c:\windows\system32\cpnprt2.cid
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 18:42:45.87 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/25/2009 1:09:08 PM
    System Uptime: 12/19/2011 6:37:45 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0X8582
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 294 GiB total, 219.124 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    G: is FIXED (NTFS) - 1863 GiB total, 1742.09 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: TI Technologies Inc.
    Description: RADEON X300 Series Secondary
    Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&1A646D2D&0&0108
    Manufacturer: ATI Technologies Inc.
    Name: RADEON X300 Series Secondary
    PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&1A646D2D&0&0108
    Service: ati2mtag
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart C309a series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C309a series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP772: 9/21/2011 2:20:27 PM - System Checkpoint
    RP773: 9/22/2011 2:23:45 PM - System Checkpoint
    RP774: 9/23/2011 2:23:51 PM - System Checkpoint
    RP775: 9/24/2011 2:31:06 PM - System Checkpoint
    RP776: 9/25/2011 3:31:08 PM - System Checkpoint
    RP777: 9/26/2011 3:41:00 PM - System Checkpoint
    RP778: 9/27/2011 4:12:41 PM - System Checkpoint
    RP779: 9/28/2011 5:14:37 PM - System Checkpoint
    RP780: 9/28/2011 11:56:44 PM - Software Distribution Service 3.0
    RP781: 9/30/2011 10:50:45 AM - System Checkpoint
    RP782: 10/1/2011 10:51:46 AM - System Checkpoint
    RP783: 10/2/2011 11:22:17 AM - System Checkpoint
    RP784: 10/3/2011 12:11:49 PM - System Checkpoint
    RP785: 10/4/2011 1:15:48 PM - System Checkpoint
    RP786: 10/5/2011 1:21:47 PM - System Checkpoint
    RP787: 10/6/2011 1:29:45 PM - System Checkpoint
    RP788: 10/7/2011 2:07:10 PM - System Checkpoint
    RP789: 10/8/2011 2:39:33 PM - System Checkpoint
    RP790: 10/9/2011 2:44:30 PM - System Checkpoint
    RP791: 10/10/2011 4:12:48 PM - System Checkpoint
    RP792: 10/11/2011 5:39:46 PM - System Checkpoint
    RP793: 10/12/2011 5:59:49 PM - System Checkpoint
    RP794: 10/13/2011 3:00:17 AM - Software Distribution Service 3.0
    RP795: 10/14/2011 1:25:12 PM - System Checkpoint
    RP796: 10/15/2011 3:17:17 PM - System Checkpoint
    RP797: 10/16/2011 3:36:30 PM - System Checkpoint
    RP798: 10/17/2011 3:49:19 PM - System Checkpoint
    RP799: 10/18/2011 5:03:07 PM - System Checkpoint
    RP800: 10/19/2011 6:02:58 PM - System Checkpoint
    RP801: 10/20/2011 8:08:19 PM - System Checkpoint
    RP802: 10/21/2011 8:41:37 PM - System Checkpoint
    RP803: 10/22/2011 9:39:36 PM - System Checkpoint
    RP804: 10/23/2011 10:17:15 PM - System Checkpoint
    RP805: 10/25/2011 8:05:23 AM - System Checkpoint
    RP806: 10/26/2011 9:24:53 AM - System Checkpoint
    RP807: 10/27/2011 10:02:17 AM - System Checkpoint
    RP808: 10/28/2011 10:30:20 AM - System Checkpoint
    RP809: 10/29/2011 10:53:00 AM - System Checkpoint
    RP810: 10/30/2011 11:15:32 AM - System Checkpoint
    RP811: 10/31/2011 11:51:02 AM - System Checkpoint
    RP812: 11/1/2011 11:59:46 AM - System Checkpoint
    RP813: 11/2/2011 1:02:52 PM - System Checkpoint
    RP814: 11/3/2011 1:30:19 PM - System Checkpoint
    RP815: 11/4/2011 2:03:34 PM - System Checkpoint
    RP816: 11/5/2011 2:23:50 PM - System Checkpoint
    RP817: 11/6/2011 1:29:05 PM - System Checkpoint
    RP818: 11/7/2011 2:24:20 PM - System Checkpoint
    RP819: 11/8/2011 5:09:53 PM - System Checkpoint
    RP820: 11/9/2011 5:11:59 PM - System Checkpoint
    RP821: 11/9/2011 11:03:31 PM - Software Distribution Service 3.0
    RP822: 11/11/2011 11:46:42 AM - System Checkpoint
    RP823: 11/11/2011 11:06:03 PM - Software Distribution Service 3.0
    RP824: 11/13/2011 9:27:05 AM - System Checkpoint
    RP825: 11/14/2011 9:27:25 AM - System Checkpoint
    RP826: 11/15/2011 9:38:22 AM - System Checkpoint
    RP827: 11/16/2011 10:36:00 AM - System Checkpoint
    RP828: 11/17/2011 10:39:36 AM - System Checkpoint
    RP829: 11/18/2011 11:27:56 AM - System Checkpoint
    RP830: 11/19/2011 11:45:51 AM - System Checkpoint
    RP831: 1/19/2011 4:04:20 PM - System Checkpoint
    RP832: 11/20/2011 1:00:15 PM - System Checkpoint
    RP833: 11/21/2011 1:06:44 PM - System Checkpoint
    RP834: 11/22/2011 2:05:23 PM - System Checkpoint
    RP835: 11/23/2011 2:34:20 PM - System Checkpoint
    RP836: 11/24/2011 8:31:27 PM - System Checkpoint
    RP837: 11/25/2011 9:05:59 PM - System Checkpoint
    RP838: 11/27/2011 8:56:12 AM - System Checkpoint
    RP839: 11/28/2011 1:42:52 PM - System Checkpoint
    RP840: 11/29/2011 2:02:37 PM - System Checkpoint
    RP841: 11/30/2011 3:06:52 PM - System Checkpoint
    RP842: 12/1/2011 3:26:50 PM - System Checkpoint
    RP843: 12/2/2011 3:42:33 PM - System Checkpoint
    RP844: 12/3/2011 4:10:01 PM - System Checkpoint
    RP845: 12/4/2011 4:31:49 PM - System Checkpoint
    RP846: 12/5/2011 4:39:25 PM - System Checkpoint
    RP847: 12/6/2011 5:35:53 PM - System Checkpoint
    RP848: 12/7/2011 6:20:04 PM - System Checkpoint
    RP849: 12/7/2011 10:15:40 PM - RegClean Pro Wed, Dec 07, 11 22:15
    RP850: 12/8/2011 10:31:14 PM - System Checkpoint
    RP851: 12/9/2011 11:09:59 PM - System Checkpoint
    RP852: 12/10/2011 11:08:34 AM - Restore Operation
    RP853: 12/10/2011 3:47:18 PM - System Checkpoint
    RP854: 12/10/2011 4:31:13 PM - Restore Operation
    RP855: 12/11/2011 8:01:54 PM - System Checkpoint
    RP856: 12/12/2011 9:37:24 AM - FiOS Installation
    RP857: 12/12/2011 12:46:31 PM - Restore Operation
    RP858: 12/12/2011 4:27:27 PM - Installed Vz In Home Agent.
    RP859: 12/13/2011 5:22:58 PM - System Checkpoint
    RP860: 12/14/2011 7:08:49 PM - System Checkpoint
    RP861: 12/15/2011 7:18:31 PM - System Checkpoint
    RP862: 12/16/2011 7:44:10 PM - System Checkpoint
    RP863: 12/17/2011 7:57:22 PM - System Checkpoint
    RP864: 12/18/2011 8:07:39 PM - System Checkpoint
    RP865: 12/19/2011 3:31:56 PM - Removed Java(TM) 6 Update 22
    RP866: 12/19/2011 3:32:54 PM - Removed Java(TM) 6 Update 16
    RP867: 12/19/2011 3:47:09 PM - Installed Java(TM) 6 Update 30
    RP868: 12/19/2011 3:48:22 PM - Installed Java Runtime Environment
    RP869: 12/19/2011 6:30:36 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    4 Elements
    4500_Help
    Acrobat.com
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.4.7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Avira AntiVir Personal - Free Antivirus
    Bing Bar
    BlackBerry® Media Sync
    Bonjour
    BPD_HPSU
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Burn4Free CD & DVD 5.1.0.0
    C309a
    Carbonite
    CCleaner
    CDBurnerXP
    Clone Wars
    Coupon Printer for Windows
    Creative Audio Console
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative WaveStudio 7
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DiscAPI
    DocMgr
    DocProc
    DVD Shrink 3.2
    DVDFab 8.0.8.5 (19/03/2011)
    EPSON Printer Software
    EPSON Scan
    Fax
    Google Earth Plug-in
    Google Update Helper
    GPBaseService2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 12.0
    HP Document Manager 1.0
    HP Imaging Device Functions 12.0
    HP Officejet J4500 Series
    HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
    HP Photosmart Essential 3.5
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    HPDiagnosticAlert
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    IHA_MessageCenter
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) PRO Network Connections Drivers
    iTunes
    J4500
    Java Auto Updater
    Java(TM) 6 Update 30
    KODAK Gallery Upload Software
    LightScribe 1.4.142.1
    Logitech Vid
    Logitech Webcam Software
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Silverlight
    Microsoft Streets and Trips 2005
    Microsoft UI Engine
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Word 2000
    MSVCSetup
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Essentials
    neroxml
    Network
    OCR Software by I.R.I.S. 12.0
    OpenOffice.org 3.3
    OverDrive Media Console
    Pinnacle Hollywood FX for Studio
    Pinnacle Instant DVD Recorder
    ProductContext
    PS_AIO_05_C309_Software_Min
    QuickTime
    RAPID
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SecurityScan
    Shop for HP Supplies
    Skype™ 5.5
    SmartSound Quicktracks Plugin
    SmartWebPrinting
    SolutionCenter
    Spybot - Search & Destroy
    Status
    Studio 10
    Studio 10 Bonus DVD
    TomTom HOME 2.8.2.2264
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Vz In Home Agent
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/19/2011 9:45:49 AM, error: PlugPlayManager [11] - The device Root\LEGACY_RKHIT\0000 disappeared from the system without first being prepared for removal.
    12/19/2011 9:14:20 AM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
    12/18/2011 5:47:34 PM, error: RemoteAccess [20151] - The Control Protocol IPCP in the Point to Point Protocol module (unknown) returned an error while initializing. A dynamic link library (DLL) initialization routine failed.
    12/12/2011 2:23:37 PM, error: VolSnap [20] - The shadow copy of volume C: was aborted because of a failed free space computation.
    12/12/2011 12:56:57 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: An instance of the service is already running.
    .
    ==== End Of File ===========================
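The SERVICES / DRIVERS section of a DDS log like the one above is the part a helper reads most carefully, and it is easy to read mechanically. What follows is an added example, my own Python rather than anything from this thread or from DDS itself, that parses lines in that format into records and lists the entries worth a second look: services whose image DDS could not read on disk (the `[?]` suffix, which I take to mean the file was already removed or is hidden from the scanner) and services whose image lives outside the Windows and Program Files trees. Two readings of the format are my assumptions: that the digit after R/S is the service's registry Start value (0 boot, 1 system, 2 auto, 3 demand, 4 disabled) and the meaning of `[?]` just given. The sample section is constructed in the same shape as the log above; the `updsvc` entry and the user name are made up.

```python
"""Parse the SERVICES / DRIVERS section of a DDS log and list review items.

Added example; not part of the thread and not DDS's own code. Assumptions:
the digit after R/S is the service's registry Start value, and "[?]" means
DDS could not read the image file (already removed, or hidden from it).
"""
import re

SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) '      # R = running, S = stopped
    r'(?P<name>[^;]+);(?P<display>[^;]*);'   # service name; display name
    r'(?P<image>.+?) \[(?P<info>[^\]]*)\]$'  # image path [date size] or [?]
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
# Images under these roots are not flagged on location alone.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample in the page's format; "updsvc" and the user name are made up.
SAMPLE_SECTION = r"""
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-1 11608]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-19 366152]
R2 updsvc;updsvc;c:\documents and settings\example user\local settings\temp\updsvc.exe [2011-12-1 45056]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
"""


def parse_service(line):
    """Return a record for one R*/S* line, or None for headers and blanks."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    image = m.group("image")
    if "-->" in image:  # DDS prints "\??\raw-path --> resolved-path"; keep the resolved one
        image = image.split("-->", 1)[1].strip()
    info = m.group("info")
    return {
        "name": m.group("name"),
        "display": m.group("display"),
        "running": m.group("state") == "R",
        "start": START_TYPES[m.group("start")],
        "image": image,
        "file_seen": info != "?",
    }


def parse_section(text):
    """All service records in a pasted SERVICES / DRIVERS section."""
    return [rec for rec in (parse_service(ln) for ln in text.splitlines()) if rec]


def review_items(records):
    """(name, image, reasons) for every service a helper should look at."""
    flagged = []
    for rec in records:
        reasons = []
        if not rec["file_seen"]:
            reasons.append("image not readable on disk: already removed, or hidden")
        if not rec["image"].lower().startswith(TRUSTED_ROOTS):
            reasons.append("image outside the Windows / Program Files trees")
        if reasons:
            flagged.append((rec["name"], rec["image"], reasons))
    return flagged


if __name__ == "__main__":
    for name, image, reasons in review_items(parse_section(SAMPLE_SECTION)):
        print(f"{name}: {image}\n    " + "\n    ".join(reasons))
```

A flag is a review item, not a verdict: MBAMSwissArmy belongs to Malwarebytes and is commonly listed with `[?]` because its driver is only loaded while a scan runs. RkHit, on the other hand, is the entry that the Event Viewer section of this same log shows disappearing as `Root\LEGACY_RKHIT\0000`, and the ESET scan later in the thread names the quarantined RKHit.sys as Win32/Adware.SpywareCease.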
     
  8. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Step # 1 Update Adobe Acrobat Reader

    There is a newer version of Adobe Acrobat Reader available. (See Note below)

    • First, go to Add/Remove Programs and uninstall Adobe Reader 9.4.6.
    • Please go to this link Adobe Acrobat Reader Download Link
    • On the right Untick McAfee® Security Scan Plus if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts

    Note: Adobe Reader X (10.1.1) is a large program and if you prefer a smaller program you can get Foxit 5.1.0 instead from http://www.foxitsoftware.com/downloads/index.php

    If you decide to install Foxit 5.1.0 instead of Adobe, do the following during Foxit's Setup/Installation process:

    Uncheck the following boxes:

    I accept the License Terms and want to install Foxit Toolbar

    Make Ask.com my default search

    Create desktop, quick launch and start menu icon to eBay



    ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here to run the scan.
    • Select the option YES, I accept the Terms of Use then click on: [IMG]
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on: [IMG]
    • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan, otherwise it may stall.
    • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
    • Now click on: [IMG]
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.
    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



    In your next post/reply, I need to see the following:

    1. ESET Log
    2. How is your computer doing, any problems?
     
  9. nov2897

    nov2897 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    10
    My computer has been running OK. Before your help, I was not able to do any Windows updates. That has not been resolved. Here is the eset log.

    C:\BackupData\Documents and Settings\John Meyer.D6WC0W71\Local Settings\Application Data\Mozilla\Firefox\Profiles\mq29184l.default\Cache\54821E74d01 Win32/Adware.DriverRobot application
    C:\Documents and Settings\John Meyer\Application Data\Sun\Java\Deployment\cache\6.0\61\29ebbdbd-32eba65a Java/Exploit.CVE-2011-3544.H trojan
    C:\Documents and Settings\John Meyer\Application Data\Sun\Java\Deployment\cache\6.0\61\4e2557bd-4bced11e a variant of Java/Exploit.CVE-2011-3544.C trojan
    C:\Documents and Settings\John Meyer\My Documents\Downloads\DriverRobot_Setup.exe Win32/Adware.DriverRobot application
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\4\9dfafc4-61ca0adb a variant of Java/Exploit.CVE-2011-3544.C trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\5\4c092f05-4b12a9e7 a variant of Java/Exploit.CVE-2011-3544.C trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\684d1fba-4be09b5d a variant of Win32/Kryptik.XBK trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\John Meyer\Local Settings\Application Data\cfe.exe.vir a variant of Win32/Kryptik.XBK trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\RKHit.sys.vir Win32/Adware.SpywareCease application
    C:\System Volume Information\_restore{84ADBF8E-42F7-4ADB-9AA4-8435EA614D0C}\RP864\A0095410.exe a variant of Win32/Kryptik.XBK trojan
    C:\System Volume Information\_restore{84ADBF8E-42F7-4ADB-9AA4-8435EA614D0C}\RP864\A0095415.sys Win32/Adware.SpywareCease application
    C:\System Volume Information\_restore{84ADBF8E-42F7-4ADB-9AA4-8435EA614D0C}\RP864\A0095505.dll a variant of Win32/Adware.SpywareCease.AA application
     
  10. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    ESET found some files in the Qoobox folder which is where ComboFix keeps its quarantined files. I'll be having you remove ComboFix in an upcoming post. ESET also found some infected System Restore points. They are harmless where they are. I'll show you how to remove them in an upcoming post.


    When you try to run/turn on Windows Updates, do you get any error messages? And if so, what are they?

    Try the following to see if it fixes the problem:

    Click Start, select Run
    Type: regsvr32 wuaueng.dll
    Press OK.


    I'd also like for you to do the following as well:



    Step # 1 Clear Java's Cache

    Click Start > Control Panel

    • Double-click the Java icon in the control panel. (coffeecup icon)
    • Click Settings under Temporary Internet Files.

      -The Temporary Files Settings dialog box appears.

    • Click Delete Files.

      -The Delete Temporary Files dialog box appears.
      -There are two options on this window to clear the cache.

    • Applications and Applets
    • Trace and Log Files

    Make sure both are checked

    Click OK on Delete Temporary Files window.

    -Note: This deletes all the Downloaded Applications and Applets from the cache.

    Click OK on Temporary Files Settings window.
    Close the Java Control Panel



    Step # 2 Download and Run OTMoveIt3

    Please download OTMoveIt3 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files
      C:\BackupData\Documents and Settings\John Meyer.D6WC0W71\Local Settings\Application Data\Mozilla\Firefox\Profiles\mq29184l.default\Cache\54821E74d01
      C:\Documents and Settings\John Meyer\My Documents\Downloads\DriverRobot_Setup.exe
    • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt3
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


    In your next post/reply, I need to see the following:

    1. OTMoveIt3 Log
    2. An update on your Windows Update problem.
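    The reply above sorts the ESET hits by where they live: a hit inside C:\Qoobox (ComboFix's own quarantine) or inside a System Restore point is inert, a hit in the Java deployment cache is a cached exploit applet that the Java Control Panel can clear, and anything else is a live file that still has to be removed. The following Python script is an added example, not code from the thread or from ESET, that applies that triage to ESET Online Scanner log lines. The sample log is constructed from six of the lines posted above; the `ACTIONS` wording and the `classify_location` rules are this example's own.

```python
"""Triage an ESET Online Scanner log by where each detection lives."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# One ESET log line is "<path> [a variant of] <Family/Name> <category>".
# The path may contain spaces, so anchor on the detection name: it is the
# only token that contains a '/'.
_LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>a variant of\s+)?(?P<name>\S+/\S+)\s+(?P<category>\S+)$"
)
_CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Location classes and what each one calls for, following the reasoning in the
# reply above: ComboFix quarantine and restore-point copies are inert, cached
# Java exploits are cleared from the Java Control Panel, the rest is live.
ACTIONS = {
    "quarantine": "already quarantined by ComboFix; gone when ComboFix is uninstalled",
    "restore_point": "inert System Restore copy; removed when restore points are flushed",
    "java_cache": "cached exploit applet; clear the cache from the Java Control Panel",
    "browser_cache": "cached download in a browser profile; delete the cache entry",
    "live": "live file; remove with a removal tool and verify with a rescan",
}

# Constructed sample: six lines taken from the ESET log posted in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\John Meyer\Application Data\Sun\Java\Deployment\cache\6.0\61\29ebbdbd-32eba65a Java/Exploit.CVE-2011-3544.H trojan
C:\Documents and Settings\John Meyer\Application Data\Sun\Java\Deployment\cache\6.0\61\4e2557bd-4bced11e a variant of Java/Exploit.CVE-2011-3544.C trojan
C:\Documents and Settings\John Meyer\My Documents\Downloads\DriverRobot_Setup.exe Win32/Adware.DriverRobot application
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\RKHit.sys.vir Win32/Adware.SpywareCease application
C:\System Volume Information\_restore{84ADBF8E-42F7-4ADB-9AA4-8435EA614D0C}\RP864\A0095410.exe a variant of Win32/Kryptik.XBK trojan
C:\BackupData\Documents and Settings\John Meyer.D6WC0W71\Local Settings\Application Data\Mozilla\Firefox\Profiles\mq29184l.default\Cache\54821E74d01 Win32/Adware.DriverRobot application
"""


@dataclass
class Detection:
    path: str
    name: str
    category: str
    variant: bool
    location: str
    cve: Optional[str]


def classify_location(path: str) -> str:
    """Map a detection path to one of the ACTIONS keys (case-insensitive)."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine"):
        return "quarantine"
    if p.startswith("c:\\system volume information\\_restore"):
        return "restore_point"
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"
    if "\\mozilla\\firefox\\profiles\\" in p and "\\cache\\" in p:
        return "browser_cache"
    return "live"


def parse_eset_line(line: str) -> Detection:
    """Parse one log line; raises ValueError on an unexpected layout."""
    m = _LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised ESET log line: {line!r}")
    cve = _CVE_RE.search(m["name"])
    return Detection(
        path=m["path"],
        name=m["name"],
        category=m["category"],
        variant=m["variant"] is not None,
        location=classify_location(m["path"]),
        cve=cve.group(0) if cve else None,
    )


def triage(log_text: str) -> Dict[str, List[Detection]]:
    """Group every non-empty log line by location class."""
    groups: Dict[str, List[Detection]] = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            d = parse_eset_line(line)
            groups[d.location].append(d)
    return dict(groups)


if __name__ == "__main__":
    for location, hits in triage(SAMPLE_LOG).items():
        print(f"[{location}] {ACTIONS[location]}")
        for d in hits:
            cve = f" ({d.cve})" if d.cve else ""
            print(f"    {d.name}{cve} {d.category}: {d.path}")
```

    Run as a script it prints one group per location class with the action for that class; the CVE tag pulled out of the detection name is what tells you which plugin (here Java) let the exploit in, which is why the reply pairs file removal with clearing the Java cache.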
     
  11. nov2897

    nov2897 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    10
    The Windows Update works fine now. There are no issues with it. I have attached the log you requested. It seems there was a problem with it.

    Error: Unable to interpret <C:\BackupData\Documents and Settings\John Meyer.D6WC0W71\Local Settings\Application Data\Mozilla\Firefox\Profiles\mq29184l.default\Cache\54821E74d01C:\Documents and Settings\John Meyer\My Documents\Downloads\DriverRobot_Setup.exe> in the current context!

    OTM by OldTimer - Version 3.1.19.0 log created on 12202011_160902
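    The error above shows what went wrong: the line break between the two paths in the code box was lost when they were copied, so OTM received one fused entry it could not interpret. Because a drive-letter root like `C:\` can only legally appear at the start of a Windows path, a second one inside an entry is a reliable sign that two entries were glued together. The Python below is an added example, not part of the thread or of OldTimer's tool, that checks a `:Files` list before it is handed to a removal tool; the assumption, confirmed by the error message, is that the tool treats each line as one path. `INTENDED` is the list as posted, `FUSED` is constructed from the error text.

```python
"""Pre-flight check for an OTMoveIt3/OTM ':Files' list: one absolute path per line."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# A drive-letter root such as "C:\" can only legally appear at the start of a
# Windows path (':' is not allowed inside names), so a second one marks the
# point where a following entry was glued on when the line break was lost.
_ROOT_RE = re.compile(r"[A-Za-z]:\\")

# The two entries from the reply above as intended, one per line...
INTENDED = r"""
:Files
C:\BackupData\Documents and Settings\John Meyer.D6WC0W71\Local Settings\Application Data\Mozilla\Firefox\Profiles\mq29184l.default\Cache\54821E74d01
C:\Documents and Settings\John Meyer\My Documents\Downloads\DriverRobot_Setup.exe
"""

# ...and as OTM reported receiving them (constructed from the error message posted).
FUSED = r"""
:Files
C:\BackupData\Documents and Settings\John Meyer.D6WC0W71\Local Settings\Application Data\Mozilla\Firefox\Profiles\mq29184l.default\Cache\54821E74d01C:\Documents and Settings\John Meyer\My Documents\Downloads\DriverRobot_Setup.exe
"""


@dataclass
class Problem:
    entry: str
    reason: str
    suggestion: List[str] = field(default_factory=list)


def parse_otm_script(script: str) -> Dict[str, List[str]]:
    """Return {section: [entries]}; a section starts at a line like ':Files'."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line.lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def split_fused_paths(entry: str) -> List[str]:
    """Split 'C:\\a\\bD:\\c' into ['C:\\a\\b', 'D:\\c']; a clean path is returned as-is."""
    starts = [m.start() for m in _ROOT_RE.finditer(entry)]
    if not starts or starts[0] != 0:
        return [entry]
    bounds = starts + [len(entry)]
    return [entry[a:b] for a, b in zip(bounds, bounds[1:])]


def check_file_entries(entries: List[str]) -> Tuple[List[str], List[Problem]]:
    """Accept only single absolute paths; explain everything else."""
    ok: List[str] = []
    problems: List[Problem] = []
    for entry in entries:
        if _ROOT_RE.match(entry) is None:
            problems.append(Problem(entry, "not an absolute Windows path"))
            continue
        parts = split_fused_paths(entry)
        if len(parts) > 1:
            problems.append(Problem(entry, "two or more paths fused on one line", parts))
        else:
            ok.append(entry)
    return ok, problems


def validate_otm_script(script: str) -> Tuple[List[str], List[Problem]]:
    """Validate the ':Files' section of a script; other sections are ignored."""
    return check_file_entries(parse_otm_script(script).get(":files", []))


if __name__ == "__main__":
    for label, script in (("intended", INTENDED), ("fused", FUSED)):
        ok, problems = validate_otm_script(script)
        print(f"{label}: {len(ok)} entries ok, {len(problems)} problem(s)")
        for p in problems:
            print(f"  {p.reason}: {p.entry}")
            for part in p.suggestion:
                print(f"    -> {part}")
```

    The fused entry is rejected rather than silently split, and the recovered paths are only offered as a suggestion: a removal tool should never be fed a list that was not reviewed line by line, since a mangled path could match the wrong file.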
     
  12. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Great to hear. :) (y)


    Let's try removing those files/folders a different way:


    Step # 1: Run CFScript

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      KILLALL::
      
      File::
      
      C:\Documents and Settings\John Meyer\My Documents\Downloads\DriverRobot_Setup.exe
      C:\BackupData\Documents and Settings\John Meyer.D6WC0W71\Local Settings\Application Data\Mozilla\Firefox\Profiles\mq29184l.default\Cache\54821E74d01
      
      Folder::
      
      C:\BackupData\Documents and Settings\John Meyer.D6WC0W71\Local Settings\Application Data\Mozilla\Firefox\Profiles\mq29184l.default\Cache\54821E74d01
      
      DDS::
      
      BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
      BHO: {597A9974-8CB0-4f41-B61F-ED065738A397} - No File
      BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




      [screenshot: CFScript.txt being dragged onto ComboFix.exe]


      Note: This CFScript is for use on nov2897's computer only! Do not use it on your computer.

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    In your next post/reply, I need to see the following:

    1. The ComboFix Log that appears after Step 1 has been completed.
     
  13. nov2897

    nov2897 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    10
    I did what you said. My program froze up and was stuck in the scan mode for hours. It says it should take around 10 minutes. I had to shut down the computer to close the program.
     
  14. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    See if you can find ComboFix.txt in either C:\ComboFix or C:\Qoobox folders.

    If you do, post it here in your next post/reply.
     
  15. nov2897

    nov2897 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    10
    ComboFix 11-12-21.02 - John Meyer 12/21/2011 9:25.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.409 [GMT -5:00]
    Running from: c:\documents and settings\John Meyer\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\oobe\isperror
    c:\windows\system32\oobe\isperror\ispcnerr.htm
    c:\windows\system32\oobe\isperror\ispdtone.htm
    c:\windows\system32\oobe\isperror\isphdshk.htm
    c:\windows\system32\oobe\isperror\ispins.htm
    c:\windows\system32\oobe\isperror\ispnoanw.htm
    c:\windows\system32\oobe\isperror\isppberr.htm
    c:\windows\system32\oobe\isperror\ispphbsy.htm
    c:\windows\system32\oobe\isperror\ispsbusy.htm
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_RkHit
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-20 21:09 . 2011-12-20 21:09 -------- d-----w- C:\_OTM
    2011-12-19 22:22 . 2011-12-19 22:22 -------- d-----w- c:\documents and settings\John Meyer\Application Data\Malwarebytes
    2011-12-19 22:22 . 2011-12-19 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-19 22:22 . 2011-12-19 22:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-19 22:22 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-19 22:18 . 2011-12-19 22:18 -------- d-----w- c:\program files\CCleaner
    2011-12-19 20:59 . 2011-12-19 21:00 -------- d-----w- c:\program files\Ask.com
    2011-12-19 20:59 . 2011-12-19 22:13 -------- d-----w- c:\documents and settings\John Meyer\Local Settings\Application Data\AskToolbar
    2011-12-19 20:48 . 2011-12-19 20:48 -------- d-----w- c:\program files\Common Files\Java
    2011-12-19 20:48 . 2011-12-19 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
    2011-12-19 20:47 . 2011-12-19 20:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-16 16:12 . 2011-12-16 16:12 -------- d-----w- c:\program files\Autodesk
    2011-12-16 02:47 . 2011-12-16 02:47 -------- d-----w- c:\program files\iPod
    2011-12-16 02:47 . 2011-12-16 02:48 -------- d-----w- c:\program files\iTunes
    2011-12-13 21:12 . 2011-12-13 21:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
    2011-12-12 21:10 . 2011-12-12 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
    2011-12-12 21:10 . 2011-12-12 21:10 -------- d-----w- c:\program files\McAfee Security Scan
    2011-12-12 21:07 . 2011-12-12 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2011-12-12 17:55 . 2008-04-14 05:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
    2011-12-12 17:55 . 2008-04-14 05:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2011-12-12 17:47 . 2011-12-12 17:47 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-12 15:34 . 2011-12-12 21:05 256 ----a-w- c:\windows\system32\MSIevent.bat
    2011-12-12 15:34 . 2011-12-12 21:05 260 ----a-w- c:\windows\system32\cmdVBS.vbs
    2011-12-12 15:34 . 2011-12-12 15:34 -------- d-----w- c:\program files\Verizon
    2011-12-12 14:37 . 2011-12-12 15:33 -------- d-----w- c:\documents and settings\John Meyer\Application Data\TechWizard
    2011-12-10 21:55 . 2011-12-10 21:55 -------- d-----w- c:\program files\Panda Security
    2011-12-10 20:23 . 2011-12-10 20:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2011-12-10 20:17 . 2011-12-10 20:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-12-10 17:36 . 2011-12-10 17:41 -------- d-----w- c:\documents and settings\Administrator.JOHN-0E3D4B5DE9
    2011-12-08 03:31 . 2011-12-08 03:41 -------- d-----w- c:\program files\RegZooka
    2011-12-08 03:27 . 2011-12-08 03:44 2424 ----a-w- c:\windows\system32\ASOROSet.bin
    2011-12-08 03:10 . 2011-12-08 03:30 -------- d-----w- c:\documents and settings\John Meyer\Application Data\Systweak
    2011-12-08 03:09 . 2011-11-19 16:52 17280 ----a-w- c:\windows\system32\roboot.exe
    2011-11-22 16:51 . 2011-11-22 16:51 -------- d-----w- c:\program files\Google
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-19 20:47 . 2010-05-28 14:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-16 13:25 . 2011-05-21 12:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-04 19:20 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2009-09-25 17:03 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-02 13:56 . 2011-10-02 13:56 398760 ----a-r- c:\windows\system32\cpnprt2.cid
    2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-19_14.49.13 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-21 14:41 . 2011-12-21 14:41 16384 c:\windows\Temp\Perflib_Perfdata_5dc.dat
    + 2011-12-21 14:41 . 2011-12-21 14:41 16384 c:\windows\Temp\Perflib_Perfdata_430.dat
    - 2009-09-25 17:55 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
    + 2009-09-25 17:55 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
    - 2004-08-04 12:00 . 2011-12-19 14:49 67740 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2011-12-21 12:57 67740 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
    - 2004-08-04 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
    + 2009-03-08 08:31 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
    - 2009-03-08 08:31 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
    - 2004-08-04 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
    + 2004-08-04 12:00 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
    - 2009-09-25 18:35 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2009-09-25 18:35 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2009-03-08 08:31 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2009-03-08 08:31 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2009-09-25 18:35 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2009-09-25 18:35 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2009-03-08 08:34 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
    + 2009-03-08 08:34 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
    + 2009-03-08 08:33 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2009-03-08 08:33 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
    - 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
    + 2011-12-19 23:35 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
    + 2011-12-19 23:35 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
    + 2011-12-19 23:35 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
    + 2011-12-19 23:35 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
    + 2011-12-19 23:35 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
    + 2011-12-21 14:41 . 2009-04-30 20:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    - 2011-12-19 14:48 . 2009-04-30 20:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    - 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
    + 2004-08-04 12:00 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
    + 2004-08-04 12:00 . 2011-12-21 12:57 432784 c:\windows\system32\perfh009.dat
    - 2004-08-04 12:00 . 2011-12-19 14:49 432784 c:\windows\system32\perfh009.dat
    + 2004-08-04 12:00 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
    - 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
    + 2004-08-04 12:00 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
    - 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
    + 2009-03-08 08:32 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
    - 2009-03-08 08:32 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
    - 2011-08-05 04:09 . 2011-02-03 02:40 157472 c:\windows\system32\javaws.exe
    + 2011-12-19 20:47 . 2011-12-19 20:47 157472 c:\windows\system32\javaws.exe
    + 2011-12-19 20:47 . 2011-12-19 20:47 149280 c:\windows\system32\javaw.exe
    + 2011-12-19 20:47 . 2011-12-19 20:47 149280 c:\windows\system32\java.exe
    - 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
    + 2004-08-04 12:00 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
    + 2004-08-04 12:00 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
    - 2004-08-04 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
    - 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
    + 2004-08-04 12:00 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
    - 2009-09-25 12:55 . 2011-10-13 07:24 165120 c:\windows\system32\FNTCACHE.DAT
    + 2009-09-25 12:55 . 2011-12-19 23:38 165120 c:\windows\system32\FNTCACHE.DAT
    + 2009-06-26 16:50 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
    - 2009-03-08 08:34 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
    + 2009-03-08 08:34 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
    + 2009-03-08 08:34 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
    - 2009-03-08 08:34 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
    - 2009-03-08 08:32 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
    + 2009-03-08 08:32 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
    - 2009-09-25 18:35 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2009-09-25 18:35 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2009-09-25 18:35 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2009-09-25 18:35 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
    + 2009-03-08 08:31 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2009-03-08 08:31 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2010-06-10 17:28 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2010-06-10 17:28 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2009-03-08 18:09 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2009-03-08 18:09 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2009-03-08 08:32 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
    + 2009-03-08 08:32 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
    + 2011-02-09 13:53 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
    - 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
    + 2011-12-19 20:48 . 2011-12-19 20:48 203776 c:\windows\Installer\a644f.msi
    + 2011-12-19 20:47 . 2011-12-19 20:47 902656 c:\windows\Installer\a643b.msi
    + 2011-12-19 20:59 . 2011-12-19 20:59 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
    + 2011-12-19 23:35 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
    + 2011-12-19 23:35 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
    + 2011-12-19 23:35 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
    + 2011-12-19 23:35 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
    + 2011-12-19 23:35 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
    + 2011-12-19 23:35 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
    + 2011-12-19 23:35 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
    + 2011-12-19 23:35 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
    + 2011-12-19 23:35 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
    + 2011-12-19 23:35 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
    + 2011-12-19 23:35 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
    + 2011-12-19 23:35 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
    + 2004-08-04 12:00 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
    - 2004-08-04 12:00 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
    + 2004-08-04 12:00 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
    + 2009-03-08 08:32 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
    - 2009-03-08 08:32 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
    + 2009-04-17 12:26 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
    + 2009-06-26 16:50 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
    - 2009-06-26 16:50 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
    + 2009-09-25 18:14 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
    - 2009-09-25 18:14 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2009-09-25 18:14 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
    - 2009-09-25 18:14 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2009-02-07 23:02 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2009-02-07 23:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2009-09-25 18:14 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2009-09-25 18:14 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2009-07-18 16:05 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
    + 2009-09-25 18:35 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
    - 2009-09-25 18:35 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll
    + 2011-12-20 13:49 . 2011-12-20 13:49 2295808 c:\windows\Installer\c0c22.msi
    + 2011-12-19 20:59 . 2011-12-19 21:00 2095616 c:\windows\Installer\16337e.msi
    + 2011-06-06 17:55 . 2011-06-06 17:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
    + 2011-12-19 23:35 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
    + 2011-12-19 23:35 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
    + 2011-12-19 23:35 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
    - 2009-09-25 18:14 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2009-09-25 18:14 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2009-09-25 18:14 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2009-09-25 18:14 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2009-02-07 23:02 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2009-02-07 23:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2009-09-25 18:14 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2009-09-25 18:14 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2009-09-25 18:34 . 2011-12-19 23:32 52988224 c:\windows\system32\MRT.exe
    - 2009-03-08 08:39 . 2011-08-23 21:48 11081728 c:\windows\system32\ieframe.dll
    + 2009-03-08 08:39 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
    - 2009-09-25 18:35 . 2011-08-23 21:48 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2009-09-25 18:35 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\c0c23.msp
    + 2011-06-06 17:55 . 2011-06-06 17:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
    + 2011-12-19 23:35 . 2011-08-23 21:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-08-24 02:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-07 149040]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
    "EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
    "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
    "CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-16 153136]
    "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    SecurityScan.lnk - c:\program files\McAfee Security Scan\2.1.119\SSScheduler.exe [2010-3-8 255536]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\BackupData\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "50000:UDP"= 50000:UDP:IHA_MessageCenter
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/1/2009 8:14 PM 136360]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/28/2011 6:20 PM 286736]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/19/2011 5:22 PM 366152]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
    R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/19/2011 5:22 PM 22216]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/5/2009 8:09 PM 47360]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 11:51 AM 136176]
    S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 5:44 PM 183560]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/23/2010 8:10 AM 79360]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 11:51 AM 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.119\McCHSvc.exe [3/8/2010 10:39 AM 227232]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 16:51]
    .
    2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 16:51]
    .
    2011-12-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2011-08-24 02:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913}
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-21 09:42
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTHelper = CTHELPER.EXE?
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(4036)
    c:\windows\system32\WININET.dll
    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\windows\System32\vssvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\msdtc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-21 09:52:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-21 14:52
    ComboFix2.txt 2011-12-19 14:57
    .
    Pre-Run: 234,137,083,904 bytes free
    Post-Run: 235,020,447,744 bytes free
    .
    - - End Of File - - 5A72A2421B5B70EEFE6DE1E22AA0E5B3
     
Short URL to this thread: https://techguy.org/1030825
