JetSwap "SafeSurf" infection

B

Bontwizt

New member
Somehow i got infected with some sort of russian made spyware. Doesnt seem to hijack my browser or anything malicious aside from using up ram and cycles.

I have already attempted to delete the files up.exe, Skybound.Gecko.dll, safesurf.exe, surfguard.exe, and the folder "f" from teh windows/system32/drivers folder (i found a report on google saying some sites created these files and directories). Sometimes they stay deleted until i reboot , and i have already disabled the files from loading via msconfig. They seem reappear after reboots, but seem to re download themselves or recopy themselves from another directory most of the time.


DDS Log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 15:51:09.68 on Mon 08/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.626 [GMT -4:00]

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)

{E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
D:\Documents and Settings\Casey Kline\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\BW Monitor\BWMonitor.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
D:\WINDOWS\system32\system\svchost.exe
D:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\WINDOWS\system32\drivers\safesurf.exe
D:\WINDOWS\system32\drivers\surfguard.exe
C:\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE
C:\Downloads\dds.scr
D:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program

files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program

files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} -

c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program

files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AtiTrayTools] "c:\program files\ray adams\ati tray tools\atitray.exe"
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [Google Update] "d:\documents and settings\casey kline\local settings\application

data\google\update\GoogleUpdate.exe" /c
uRun: [TpScrex] c:\programdata\tpscrex\TpScrex.exe /somering
uRun: [Fraps] c:\fraps\FRAPS.EXE
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader

9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [jsafesurf] d:\windows\system32\drivers\safesurf.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\dropbox.lnk - d:\documents

and settings\casey kline\application data\dropbox\bin\Dropbox.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\impuls~1.lnk - c:\program

files\stardock\impulse\now\ImpulseNow.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\shortc~1.lnk - c:\program

files\bw monitor\BWMonitor.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\shortc~2.lnk -

d:\windows\system32\taskmgr.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program

files\windows desktop search\WindowsSearch.exe
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -

c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -

hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?

1277092124018
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program

files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

d:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} -

c:\program files\windows desktop search\MSNLNamespaceMgr.dll
IFEO: taskmgr.exe - "c:\downloads\processexplorer\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\caseyk~1\applic~1\mozilla\firefox\profiles\vfhp6q8h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\mozilla

firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: d:\documents and settings\casey kline\application

data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\components\c

oolirisstub.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\documents and settings\casey kline\application

data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf379

16a7}\plugins\np_gp.dll
FF - plugin: d:\documents and settings\casey kline\application

data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\csweblauncher@cyberstep.com\plugi

ns\npCsWebLauncher.dll
FF - plugin: d:\documents and settings\casey kline\application

data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\kos@dontblynk.com\platform\winnt_

x86-msvc\plugins\NPSting.dll
FF - plugin: d:\documents and settings\casey kline\application

data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\plugins\npco

olirisplugin.dll
FF - plugin: d:\documents and settings\casey kline\local settings\application

data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant:

{20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows

presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js

- pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows",

false);
c:\program files\mozilla firefox\greprefs\all.js -

pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js -

pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js -

pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js -

pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js -

pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js -

pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai",

true);
c:\program files\mozilla firefox\greprefs\all.js -

pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm",

false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type",

5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size",

4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",

false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",

2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",

1);
c:\program files\mozilla firefox\greprefs\all.js -

pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js -

pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",

25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",

5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js -

pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref",

true);
c:\program files\mozilla firefox\greprefs\security-prefs.js -

pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js -

pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js -

pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js -

pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js -

pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js -

pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js -

pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name",

"chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description",

"chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add",

"addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled",

false);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js -

pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2009-11-25 19232]
R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]
R2 LBeepKE;Logitech Beep Suppression Driver;d:\windows\system32\drivers\LBeepKE.sys

[2010-6-20 10448]
R2 Win_Updater;Win32 Updater;d:\windows\system32\system\svchost.exe [2010-8-21 1405440]
R3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys [2010-6-21

11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN

v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18

130384]
S3 cpuz130;cpuz130;\??\d:\docume~1\caseyk~1\locals~1\temp\cpuz130\cpuz_x32.sys -->

d:\docume~1\caseyk~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache

4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18

753504]

=============== Created Last 30 ================

2010-08-30 17:56:22 0 d-----w- d:\docume~1\alluse~1\applic~1\Spybot -

Search & Destroy
2010-08-30 17:56:22 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-30 17:42:03 19456 ----a-w- d:\windows\system32\drivers\surfguard.exe
2010-08-30 17:39:32 0 d-----w- d:\windows\system32\drivers\f
2010-08-30 17:39:31 16896 ----a-w- d:\windows\system32\drivers\up.exe
2010-08-30 17:39:16 211968 ----a-w- d:\windows\system32\drivers\safesurf.exe
2010-08-30 13:31:09 158720 ----a-w-

d:\windows\system32\drivers\skybound.gecko.dll
2010-08-28 04:54:13 0 d-----w- c:\program files\Microsoft Games for

Windows - LIVE
2010-08-28 03:05:44 0 d-----w- d:\windows\system32\xlive
2010-08-28 03:01:33 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2010-08-27 23:11:45 0 d-----w- d:\windows\usgwmt
2010-08-27 22:01:01 0 d-sh--w- d:\docume~1\alluse~1\applic~1\SecuROM
2010-08-27 21:27:35 0 d-----w- c:\program files\2K Games
2010-08-27 20:55:52 0 d-----w- d:\windows\pss
2010-08-27 19:41:59 0 d-----w- d:\windows\system32\appmgmt
2010-08-27 00:52:08 0 d-----w- d:\docume~1\alluse~1\applic~1\Caelum
2010-08-27 00:50:56 4286 ----a-w- d:\windows\system32\ico.ico
2010-08-27 00:50:52 0 d-----w- d:\windows\system32\system
2010-08-27 00:50:46 0 d-----w- d:\windows\system32\webem
2010-08-24 18:35:46 0 d-----w- c:\program files\common files\Futuremark

Shared
2010-08-24 03:21:33 0 d-----w-

d:\docume~1\caseyk~1\applic~1\ArtificialStudios
2010-08-24 03:17:12 0 d-----w- c:\program files\Artificial Studios
2010-08-23 03:01:42 0 d-----w- d:\documents and settings\casey kline\oni
2010-08-20 23:40:09 0 d-----w- c:\program files\Apophysis 2.0
2010-08-20 17:34:43 0 d-----w- c:\program files\Alien Skin
2010-08-19 21:23:15 0 d-----w- d:\docume~1\alluse~1\applic~1\NOMBZ Save

Data
2010-08-19 20:37:00 0 d-----w- c:\program files\ReflexiveArcade
2010-08-19 18:55:03 28 ----a-w- d:\windows\pdf995.ini
2010-08-19 18:43:48 59 ----a-w- d:\windows\wpd99.drv
2010-08-19 18:43:48 51716 ----a-w- d:\windows\system32\pdf995mon.dll
2010-08-19 18:43:48 249856 ----a-w- d:\windows\system32\pdfmona.dll
2010-08-19 18:43:48 0 d-----w- d:\docume~1\alluse~1\applic~1\pdf995
2010-08-19 18:43:45 0 d-----w- c:\program files\pdf995
2010-08-16 14:52:58 0 d-----w- c:\program files\MSECache
2010-08-15 23:44:29 0 d-----w- c:\program files\oZone3D
2010-08-15 22:13:33 0 d-----w- d:\docume~1\caseyk~1\applic~1\URSE Games
2010-08-15 21:22:06 0 d-----w- d:\docume~1\alluse~1\applic~1\Trymedia
2010-08-15 21:20:35 0 d-----w- d:\windows\system32\weber
2010-08-15 16:02:14 817664 ----a-w- d:\windows\system32\Help64.exe
2010-08-12 18:05:29 0 d-----w- d:\docume~1\caseyk~1\applic~1\runic games
2010-08-12 17:48:53 0 d-----w- c:\program files\Alcohol Soft
2010-08-12 17:31:16 721904 ----a-w- d:\windows\system32\drivers\sptd.sys
2010-08-10 20:25:58 0 d-----w- d:\docume~1\caseyk~1\applic~1\Jumb-O-Fun

Games
2010-08-10 20:19:39 4096 ----a-w- d:\windows\d3dx.dat
2010-08-10 18:30:06 0 d-----w- c:\program files\common files\Blizzard

Entertainment
2010-08-10 15:41:08 0 d-----w- d:\windows\Uninstall
2010-08-10 15:40:52 0 d-----w- c:\program files\3D Realms
2010-08-05 19:33:06 0 d-----w- c:\program files\GamersFirst
2010-08-05 19:21:55 0 d-----w- d:\docume~1\caseyk~1\applic~1\JAM Software
2010-08-05 19:21:46 0 d-----w- c:\program files\JAM Software
2010-08-04 03:42:33 0 d-----w- d:\docume~1\caseyk~1\applic~1\AnvSoft
2010-08-04 03:42:19 0 d-----w- c:\program files\AnvSoft

==================== Find3M ====================

2010-08-23 03:14:02 156672 ----a-w- d:\windows\system32\rmc_fixasf.exe
2010-08-23 03:13:57 237568 ----a-w- d:\windows\system32\rmc_rtspdl.dll
2010-07-17 09:00:04 423656 ----a-w- d:\windows\system32\deployJava1.dll
2010-07-16 04:38:54 392704 ----a-w- d:\windows\system32\ICH.exe
2010-07-15 16:01:12 42612 ----a-w- d:\windows\fonts\Horst Roman Gothic.ttf
2010-07-15 14:10:20 17896 ----a-w- d:\windows\fonts\paola.ttf
2010-06-30 12:31:35 149504 ----a-w- d:\windows\system32\schannel.dll
2010-06-25 13:14:52 151552 ----a-w- d:\windows\system32\nvRegDev.dll
2010-06-24 12:22:03 916480 ----a-w- d:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- d:\windows\system32\win32k.sys
2010-06-21 02:08:43 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2010-06-17 14:03:00 80384 ----a-w- d:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- d:\windows\system32\msxml3.dll
2010-06-02 08:55:30 74072 ----a-w- d:\windows\system32\XAPOFX1_5.dll
2010-06-02 08:55:30 527192 ----a-w- d:\windows\system32\XAudio2_7.dll
2010-06-02 08:55:30 239960 ----a-w- d:\windows\system32\xactengine3_7.dll

============= FINISH: 15:51:52.51 ===============
 
Hi,

If help still needed make sure word wrap in notepad is disabled. Then run DDS again and post back contents of dds.txt & attach.txt logs it creates.
 
Sorry here is the non word wrapped versions.

dds.txt contents -----

DDS (Ver_10-03-17.01) - NTFSx86
Run by Casey Kline at 15:51:09.68 on Mon 08/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.626 [GMT -4:00]

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
D:\Documents and Settings\Casey Kline\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\BW Monitor\BWMonitor.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
D:\WINDOWS\system32\system\svchost.exe
D:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\WINDOWS\system32\drivers\safesurf.exe
D:\WINDOWS\system32\drivers\surfguard.exe
C:\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE
C:\Downloads\dds.scr
D:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AtiTrayTools] "c:\program files\ray adams\ati tray tools\atitray.exe"
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [Google Update] "d:\documents and settings\casey kline\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [TpScrex] c:\programdata\tpscrex\TpScrex.exe /somering
uRun: [Fraps] c:\fraps\FRAPS.EXE
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [jsafesurf] d:\windows\system32\drivers\safesurf.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\dropbox.lnk - d:\documents and settings\casey kline\application data\dropbox\bin\Dropbox.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\bw monitor\BWMonitor.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\shortc~2.lnk - d:\windows\system32\taskmgr.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277092124018
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
IFEO: taskmgr.exe - "c:\downloads\processexplorer\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\caseyk~1\applic~1\mozilla\firefox\profiles\vfhp6q8h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\csweblauncher@cyberstep.com\plugins\npCsWebLauncher.dll
FF - plugin: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\kos@dontblynk.com\platform\winnt_x86-msvc\plugins\NPSting.dll
FF - plugin: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: d:\documents and settings\casey kline\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2009-11-25 19232]
R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]
R2 LBeepKE;Logitech Beep Suppression Driver;d:\windows\system32\drivers\LBeepKE.sys [2010-6-20 10448]
R2 Win_Updater;Win32 Updater;d:\windows\system32\system\svchost.exe [2010-8-21 1405440]
R3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys [2010-6-21 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz130;cpuz130;\??\d:\docume~1\caseyk~1\locals~1\temp\cpuz130\cpuz_x32.sys --> d:\docume~1\caseyk~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-08-30 17:56:22 0 d-----w- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-30 17:56:22 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-30 17:42:03 19456 ----a-w- d:\windows\system32\drivers\surfguard.exe
2010-08-30 17:39:32 0 d-----w- d:\windows\system32\drivers\f
2010-08-30 17:39:31 16896 ----a-w- d:\windows\system32\drivers\up.exe
2010-08-30 17:39:16 211968 ----a-w- d:\windows\system32\drivers\safesurf.exe
2010-08-30 13:31:09 158720 ----a-w- d:\windows\system32\drivers\skybound.gecko.dll
2010-08-28 04:54:13 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-08-28 03:05:44 0 d-----w- d:\windows\system32\xlive
2010-08-28 03:01:33 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2010-08-27 23:11:45 0 d-----w- d:\windows\usgwmt
2010-08-27 22:01:01 0 d-sh--w- d:\docume~1\alluse~1\applic~1\SecuROM
2010-08-27 21:27:35 0 d-----w- c:\program files\2K Games
2010-08-27 20:55:52 0 d-----w- d:\windows\pss
2010-08-27 19:41:59 0 d-----w- d:\windows\system32\appmgmt
2010-08-27 00:52:08 0 d-----w- d:\docume~1\alluse~1\applic~1\Caelum
2010-08-27 00:50:56 4286 ----a-w- d:\windows\system32\ico.ico
2010-08-27 00:50:52 0 d-----w- d:\windows\system32\system
2010-08-27 00:50:46 0 d-----w- d:\windows\system32\webem
2010-08-24 18:35:46 0 d-----w- c:\program files\common files\Futuremark Shared
2010-08-24 03:21:33 0 d-----w- d:\docume~1\caseyk~1\applic~1\ArtificialStudios
2010-08-24 03:17:12 0 d-----w- c:\program files\Artificial Studios
2010-08-23 03:01:42 0 d-----w- d:\documents and settings\casey kline\oni
2010-08-20 23:40:09 0 d-----w- c:\program files\Apophysis 2.0
2010-08-20 17:34:43 0 d-----w- c:\program files\Alien Skin
2010-08-19 21:23:15 0 d-----w- d:\docume~1\alluse~1\applic~1\NOMBZ Save Data
2010-08-19 20:37:00 0 d-----w- c:\program files\ReflexiveArcade
2010-08-19 18:55:03 28 ----a-w- d:\windows\pdf995.ini
2010-08-19 18:43:48 59 ----a-w- d:\windows\wpd99.drv
2010-08-19 18:43:48 51716 ----a-w- d:\windows\system32\pdf995mon.dll
2010-08-19 18:43:48 249856 ----a-w- d:\windows\system32\pdfmona.dll
2010-08-19 18:43:48 0 d-----w- d:\docume~1\alluse~1\applic~1\pdf995
2010-08-19 18:43:45 0 d-----w- c:\program files\pdf995
2010-08-16 14:52:58 0 d-----w- c:\program files\MSECache
2010-08-15 23:44:29 0 d-----w- c:\program files\oZone3D
2010-08-15 22:13:33 0 d-----w- d:\docume~1\caseyk~1\applic~1\URSE Games
2010-08-15 21:22:06 0 d-----w- d:\docume~1\alluse~1\applic~1\Trymedia
2010-08-15 21:20:35 0 d-----w- d:\windows\system32\weber
2010-08-15 16:02:14 817664 ----a-w- d:\windows\system32\Help64.exe
2010-08-12 18:05:29 0 d-----w- d:\docume~1\caseyk~1\applic~1\runic games
2010-08-12 17:48:53 0 d-----w- c:\program files\Alcohol Soft
2010-08-12 17:31:16 721904 ----a-w- d:\windows\system32\drivers\sptd.sys
2010-08-10 20:25:58 0 d-----w- d:\docume~1\caseyk~1\applic~1\Jumb-O-Fun Games
2010-08-10 20:19:39 4096 ----a-w- d:\windows\d3dx.dat
2010-08-10 18:30:06 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-08-10 15:41:08 0 d-----w- d:\windows\Uninstall
2010-08-10 15:40:52 0 d-----w- c:\program files\3D Realms
2010-08-05 19:33:06 0 d-----w- c:\program files\GamersFirst
2010-08-05 19:21:55 0 d-----w- d:\docume~1\caseyk~1\applic~1\JAM Software
2010-08-05 19:21:46 0 d-----w- c:\program files\JAM Software
2010-08-04 03:42:33 0 d-----w- d:\docume~1\caseyk~1\applic~1\AnvSoft
2010-08-04 03:42:19 0 d-----w- c:\program files\AnvSoft

==================== Find3M ====================

2010-08-23 03:14:02 156672 ----a-w- d:\windows\system32\rmc_fixasf.exe
2010-08-23 03:13:57 237568 ----a-w- d:\windows\system32\rmc_rtspdl.dll
2010-07-17 09:00:04 423656 ----a-w- d:\windows\system32\deployJava1.dll
2010-07-16 04:38:54 392704 ----a-w- d:\windows\system32\ICH.exe
2010-07-15 16:01:12 42612 ----a-w- d:\windows\fonts\Horst Roman Gothic.ttf
2010-07-15 14:10:20 17896 ----a-w- d:\windows\fonts\paola.ttf
2010-06-30 12:31:35 149504 ----a-w- d:\windows\system32\schannel.dll
2010-06-25 13:14:52 151552 ----a-w- d:\windows\system32\nvRegDev.dll
2010-06-24 12:22:03 916480 ----a-w- d:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- d:\windows\system32\win32k.sys
2010-06-21 02:08:43 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2010-06-17 14:03:00 80384 ----a-w- d:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- d:\windows\system32\msxml3.dll
2010-06-02 08:55:30 74072 ----a-w- d:\windows\system32\XAPOFX1_5.dll
2010-06-02 08:55:30 527192 ----a-w- d:\windows\system32\XAudio2_7.dll
2010-06-02 08:55:30 239960 ----a-w- d:\windows\system32\xactengine3_7.dll

============= FINISH: 15:51:52.51 ===============


Contents of Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/20/2010 10:15:14 PM
System Uptime: 8/30/2010 9:25:02 AM (6 hours ago)

Motherboard: | | K8M800-8237
Processor: AMD Athlon(tm) 64 Processor 3000+ | Socket 754 | 1999/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 129 GiB total, 37.055 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 8.963 GiB free.
E: is CDROM (UDF)
F: is CDROM (UDF)
G: is FIXED (NTFS) - 931 GiB total, 451.543 GiB free.
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_53001565&REV_80\3&267A616A&0&78
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_53001565&REV_80\3&267A616A&0&78
Service:

==== System Restore Points ===================

RP87: 8/18/2010 4:15:05 PM - Software Distribution Service 3.0
RP88: 8/19/2010 2:20:00 PM - Software Distribution Service 3.0
RP89: 8/19/2010 2:43:55 PM - Printer Driver PDF995 Printer Driver Installed
RP90: 8/19/2010 5:20:02 PM - Installed DirectX
RP91: 8/19/2010 5:22:19 PM - Installed AGEIA PhysX v7.11.13
RP92: 8/20/2010 5:32:59 PM - System Checkpoint
RP93: 8/21/2010 5:54:44 PM - System Checkpoint
RP94: 8/22/2010 7:26:04 PM - System Checkpoint
RP95: 8/23/2010 4:18:40 PM - Removed War Rock
RP96: 8/23/2010 11:17:07 PM - Installed Monster Madness: Battle for Suburbia.
RP97: 8/23/2010 11:22:01 PM - Installed Monster Madness Patch 1.01
RP98: 8/25/2010 12:18:47 AM - System Checkpoint
RP99: 8/25/2010 2:47:03 PM - Installed NVIDIA PhysX
RP100: 8/26/2010 9:14:57 PM - System Checkpoint
RP101: 8/27/2010 3:34:51 PM - Removed Monster Madness Patch 1.01
RP102: 8/27/2010 3:39:51 PM - Removed Monster Madness: Battle for Suburbia.
RP103: 8/27/2010 5:26:46 PM - Installed Borderlands
RP104: 8/27/2010 7:07:42 PM - Installed Borderlands
RP105: 8/27/2010 8:45:44 PM - Removed Borderlands
RP106: 8/27/2010 11:05:56 PM - Installed DirectX
RP107: 8/27/2010 11:07:28 PM - Installed DirectX
RP108: 8/27/2010 11:09:34 PM - Installed Fallout 3
RP109: 8/28/2010 12:54:32 AM - Installed DirectX
RP110: 8/29/2010 2:29:14 AM - System Checkpoint
RP111: 8/30/2010 3:27:43 AM - System Checkpoint
RP112: 8/30/2010 8:54:28 AM - Installed Fallout 3 - DLC EN

==== Installed Programs ======================

Aces of Galaxy 1.00
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Swarm
AMD Processor Driver
Any Video Converter Professional 3.0.1
Apophysis 2.0
ATI - Software Uninstall Utility
ATI Display Driver
Audacity 1.3.9 (Unicode)
Auto Gordian Knot 2.55
AviSynth 2.5
Caelum
CosmicBreak_eng
Dropbox
Duke Nukem: Manhattan Project
eReg
ESET Smart Security
Fallout 3
Fallout Mod Manager 0.12.3
Fire3 v.3.32
Fraps (remove only)
Futuremark SystemInfo
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Impulse
Java Auto Updater
Java(TM) 6 Update 21
LAME v3.98.2 for Audacity
LightWave 3D 9.6
Logitech SetPoint 6.1
LynX 3D Viewer Lite Edition v1.5.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MozBackup 1.4.10
Mozilla Firefox (3.6.8)
Mp3tag v2.46a
MSVCRT
NeoTrace Pro 3.25
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
OpenOffice.org 3.2
Pdf995
Platform
Poser Pro 2010 Content
Python 3.1.2
Ray Adams ATI Tray Tools
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Segoe UI
Sins of a Solar Empire
Sins of a Solar Empire - Diplomacy
Sins of a Solar Empire - Entrenchment
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
Steam
System Requirements Lab
TeamViewer 5
Theseus Return of the Hero
Torchlight
TreeSize Professional 5.2.2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
Visual C++ 8.0 MFC (x86) WinSXS MSM
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
VLC media player 1.1.0
VobSub v2.23 (Remove Only)
WebFldrs XP
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
WinRAR archiver
XviD MPEG4 Video Codec (remove only)


==== Event Viewer Messages From Past Week ========

8/27/2010 5:15:08 PM, error: Service Control Manager [7022] - The Windows Search service hung on starting.
8/27/2010 5:06:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/27/2010 4:46:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 atitray ehdrv Fips
8/27/2010 4:45:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/27/2010 2:49:46 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
8/26/2010 8:00:00 PM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
8/24/2010 6:20:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
8/24/2010 6:20:39 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================



Some info since the original posting.
I found a safesurf process in msconfig that ia vhe disabled adn this stops teh process from rebooting itself if i kill it in Process Explorer and delete the files, but it apparently magically resurrects itself on a reboot of the computer.

d:\windows\system32\drivers\surfguard.exe
d:\windows\system32\drivers\f
d:\windows\system32\drivers\up.exe
d:\windows\system32\drivers\safesurf.exe
d:\windows\system32\drivers\skybound.gecko.dll

All of those are involved in this peice of software. I jsut cant figure out how to get rid of permanently so i can reboot without fear.
 
Hi,

Avoid doing any fixing attempts not listed in my instructions, please.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Okay here are the all new season of "Logs". Available only the Spybot Forum channel ;D.


New DDS Log contents -----


DDS (Ver_10-03-17.01) - NTFSx86
Run by Casey Kline at 12:15:11.40 on Sun 09/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.423 [GMT -4:00]

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
D:\WINDOWS\system32\SearchIndexer.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
D:\Documents and Settings\Casey Kline\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\BW Monitor\BWMonitor.exe
D:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\WINDOWS\system32\drivers\safesurf.exe
D:\WINDOWS\system32\drivers\surfguard.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AtiTrayTools] "c:\program files\ray adams\ati tray tools\atitray.exe"
uRun: [Google Update] "d:\documents and settings\casey kline\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [Fraps] c:\fraps\FRAPS.EXE
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Ask and Record FLV Service] "c:\program files\replay media catcher\FLVSrvc.exe" /run
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [jsafesurf] d:\windows\system32\drivers\safesurf.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\dropbox.lnk - d:\documents and settings\casey kline\application data\dropbox\bin\Dropbox.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\bw monitor\BWMonitor.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\shortc~2.lnk - d:\windows\system32\taskmgr.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277092124018
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\caseyk~1\applic~1\mozilla\firefox\profiles\vfhp6q8h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\csweblauncher@cyberstep.com\plugins\npCsWebLauncher.dll
FF - plugin: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\kos@dontblynk.com\platform\winnt_x86-msvc\plugins\NPSting.dll
FF - plugin: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: d:\documents and settings\casey kline\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2009-11-25 19232]
R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]
R2 LBeepKE;Logitech Beep Suppression Driver;d:\windows\system32\drivers\LBeepKE.sys [2010-6-20 10448]
R3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys [2010-6-21 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S3 cpuz130;cpuz130;\??\d:\docume~1\caseyk~1\locals~1\temp\cpuz130\cpuz_x32.sys --> d:\docume~1\caseyk~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-6-21 14424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-09-05 15:47:48 98816 ----a-w- d:\windows\sed.exe
2010-09-05 15:47:48 77312 ----a-w- d:\windows\MBR.exe
2010-09-05 15:47:48 256512 ----a-w- d:\windows\PEV.exe
2010-09-05 15:47:48 161792 ----a-w- d:\windows\SWREG.exe
2010-09-05 15:25:59 0 d-----w- d:\windows\setup.pss
2010-09-05 15:25:41 0 d-----w- d:\windows\setupupd
2010-09-05 14:49:14 19456 ----a-w- d:\windows\system32\drivers\surfguard.exe
2010-09-05 14:49:14 158720 ----a-w- d:\windows\system32\drivers\skybound.gecko.dll
2010-09-05 14:46:51 0 d-----w- d:\windows\system32\drivers\f
2010-09-05 14:46:50 16896 ----a-w- d:\windows\system32\drivers\up.exe
2010-09-05 14:45:43 211968 ----a-w- d:\windows\system32\drivers\safesurf.exe
2010-09-05 02:47:42 0 d-----w- d:\windows\system32\NtmsData
2010-08-31 13:16:37 0 d-----w- d:\docume~1\caseyk~1\applic~1\.minecraft
2010-08-30 17:56:22 0 d-----w- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-30 17:56:22 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-28 04:54:13 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-08-28 03:05:44 0 d-----w- d:\windows\system32\xlive
2010-08-28 03:01:33 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2010-08-27 22:01:01 0 d-sh--w- d:\docume~1\alluse~1\applic~1\SecuROM
2010-08-27 21:27:35 0 d-----w- c:\program files\2K Games
2010-08-27 20:55:52 0 d-----w- d:\windows\pss
2010-08-27 19:41:59 0 d-----w- d:\windows\system32\appmgmt
2010-08-27 00:50:46 0 d-----w- d:\windows\system32\webem
2010-08-24 18:35:46 0 d-----w- c:\program files\common files\Futuremark Shared
2010-08-24 03:21:33 0 d-----w- d:\docume~1\caseyk~1\applic~1\ArtificialStudios
2010-08-24 03:17:12 0 d-----w- c:\program files\Artificial Studios
2010-08-23 03:01:42 0 d-----w- d:\documents and settings\casey kline\oni
2010-08-20 23:40:09 0 d-----w- c:\program files\Apophysis 2.0
2010-08-20 17:34:43 0 d-----w- c:\program files\Alien Skin
2010-08-19 21:23:15 0 d-----w- d:\docume~1\alluse~1\applic~1\NOMBZ Save Data
2010-08-19 20:37:00 0 d-----w- c:\program files\ReflexiveArcade
2010-08-19 18:55:03 28 ----a-w- d:\windows\pdf995.ini
2010-08-19 18:43:48 59 ----a-w- d:\windows\wpd99.drv
2010-08-19 18:43:48 51716 ----a-w- d:\windows\system32\pdf995mon.dll
2010-08-19 18:43:48 249856 ----a-w- d:\windows\system32\pdfmona.dll
2010-08-19 18:43:48 0 d-----w- d:\docume~1\alluse~1\applic~1\pdf995
2010-08-19 18:43:45 0 d-----w- c:\program files\pdf995
2010-08-16 14:52:58 0 d-----w- c:\program files\MSECache
2010-08-15 22:13:33 0 d-----w- d:\docume~1\caseyk~1\applic~1\URSE Games
2010-08-15 21:22:06 0 d-----w- d:\docume~1\alluse~1\applic~1\Trymedia
2010-08-15 21:20:35 0 d-----w- d:\windows\system32\weber
2010-08-15 16:02:14 817664 ----a-w- d:\windows\system32\Help64.exe
2010-08-12 18:05:29 0 d-----w- d:\docume~1\caseyk~1\applic~1\runic games
2010-08-12 17:48:53 0 d-----w- c:\program files\Alcohol Soft
2010-08-12 17:31:16 721904 ----a-w- d:\windows\system32\drivers\sptd.sys
2010-08-10 20:25:58 0 d-----w- d:\docume~1\caseyk~1\applic~1\Jumb-O-Fun Games
2010-08-10 20:19:39 4096 ----a-w- d:\windows\d3dx.dat
2010-08-10 18:30:06 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-08-10 15:41:08 0 d-----w- d:\windows\Uninstall
2010-08-10 15:40:52 0 d-----w- c:\program files\3D Realms

==================== Find3M ====================

2010-08-23 03:14:02 156672 ----a-w- d:\windows\system32\rmc_fixasf.exe
2010-08-23 03:13:57 237568 ----a-w- d:\windows\system32\rmc_rtspdl.dll
2010-07-17 09:00:04 423656 ----a-w- d:\windows\system32\deployJava1.dll
2010-07-16 04:38:54 392704 ----a-w- d:\windows\system32\ICH.exe
2010-07-15 16:01:12 42612 ----a-w- d:\windows\fonts\Horst Roman Gothic.ttf
2010-07-15 14:10:20 17896 ----a-w- d:\windows\fonts\paola.ttf
2010-06-30 12:31:35 149504 ----a-w- d:\windows\system32\schannel.dll
2010-06-25 13:14:52 151552 ----a-w- d:\windows\system32\nvRegDev.dll
2010-06-24 12:22:03 916480 ----a-w- d:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- d:\windows\system32\win32k.sys
2010-06-21 02:08:43 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2010-06-17 14:03:00 80384 ----a-w- d:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- d:\windows\system32\msxml3.dll

============= FINISH: 12:15:30.82 ===============


New attach Log Contents------------


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/20/2010 10:15:14 PM
System Uptime: 9/5/2010 11:56:10 AM (1 hours ago)

Motherboard: | | K8M800-8237
Processor: AMD Athlon(tm) 64 Processor 3000+ | Socket 754 | 1999/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 129 GiB total, 31.822 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 8.972 GiB free.
E: is CDROM ()
F: is CDROM (UDF)
G: is FIXED (NTFS) - 931 GiB total, 451.672 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_53001565&REV_80\3&267A616A&0&78
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_53001565&REV_80\3&267A616A&0&78
Service:

==== System Restore Points ===================

RP92: 8/20/2010 5:32:59 PM - System Checkpoint
RP93: 8/21/2010 5:54:44 PM - System Checkpoint
RP94: 8/22/2010 7:26:04 PM - System Checkpoint
RP95: 8/23/2010 4:18:40 PM - Removed War Rock
RP96: 8/23/2010 11:17:07 PM - Installed Monster Madness: Battle for Suburbia.
RP97: 8/23/2010 11:22:01 PM - Installed Monster Madness Patch 1.01
RP98: 8/25/2010 12:18:47 AM - System Checkpoint
RP99: 8/25/2010 2:47:03 PM - Installed NVIDIA PhysX
RP100: 8/26/2010 9:14:57 PM - System Checkpoint
RP101: 8/27/2010 3:34:51 PM - Removed Monster Madness Patch 1.01
RP102: 8/27/2010 3:39:51 PM - Removed Monster Madness: Battle for Suburbia.
RP103: 8/27/2010 5:26:46 PM - Installed Borderlands
RP104: 8/27/2010 7:07:42 PM - Installed Borderlands
RP105: 8/27/2010 8:45:44 PM - Removed Borderlands
RP106: 8/27/2010 11:05:56 PM - Installed DirectX
RP107: 8/27/2010 11:07:28 PM - Installed DirectX
RP108: 8/27/2010 11:09:34 PM - Installed Fallout 3
RP109: 8/28/2010 12:54:32 AM - Installed DirectX
RP110: 8/29/2010 2:29:14 AM - System Checkpoint
RP111: 8/30/2010 3:27:43 AM - System Checkpoint
RP112: 8/30/2010 8:54:28 AM - Installed Fallout 3 - DLC EN
RP113: 8/31/2010 9:53:02 AM - System Checkpoint
RP114: 9/1/2010 10:09:09 AM - System Checkpoint
RP115: 9/2/2010 11:07:29 AM - System Checkpoint
RP116: 9/3/2010 12:04:33 PM - System Checkpoint
RP117: 9/3/2010 9:55:27 PM - Removed Fallout 3
RP118: 9/4/2010 6:23:04 PM - Installed DirectX
RP119: 9/4/2010 6:25:15 PM - Installed Fallout 3
RP120: 9/4/2010 7:14:37 PM - Installed Fallout 3 - DLC EN

==== Installed Programs ======================

Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Swarm
AMD Processor Driver
Any Video Converter Professional 3.0.1
Apophysis 2.0
Applian Director
ATI - Software Uninstall Utility
ATI Display Driver
Audacity 1.3.9 (Unicode)
Auto Gordian Knot 2.55
AviSynth 2.5
Caelum
CosmicBreak_eng
Dropbox
Duke Nukem: Manhattan Project
DVD Decrypter (Remove Only)
eReg
ESET Smart Security
Fallout 3
Fallout Mod Manager 0.12.5
Fraps (remove only)
Futuremark SystemInfo
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Impulse
Java Auto Updater
Java(TM) 6 Update 21
LAME v3.98.2 for Audacity
LightWave 3D 9.6
Logitech SetPoint 6.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MozBackup 1.4.10
Mozilla Firefox (3.6.8)
Mp3tag v2.46a
MSVCRT
NeoTrace Pro 3.25
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
OpenOffice.org 3.2
Pdf995
PeerBlock 1.0.0 (r181)
Platform
Poser Pro 2010 Content
Python 3.1.2
Ray Adams ATI Tray Tools
Realtek AC'97 Audio
Replay Media Catcher 3.11
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Segoe UI
Sins of a Solar Empire
Sins of a Solar Empire - Diplomacy
Sins of a Solar Empire - Entrenchment
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
Steam
System Requirements Lab
TeamViewer 5
Torchlight
TreeSize Professional 5.2.2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
Visual C++ 8.0 MFC (x86) WinSXS MSM
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
VLC media player 1.1.0
VobSub v2.23 (Remove Only)
WebFldrs XP
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
WinRAR archiver
XviD MPEG4 Video Codec (remove only)
ZumasRevengeAdventure 1.00

==== Event Viewer Messages From Past Week ========

9/5/2010 11:57:31 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
9/5/2010 11:47:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 atitray ehdrv Fips
9/5/2010 11:45:51 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/4/2010 8:02:36 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/4/2010 8:02:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
9/2/2010 3:20:52 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/1/2010 8:00:00 PM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
8/31/2010 4:04:56 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


New Combofix Log contents --------------------

ComboFix 10-09-04.06 - Casey Kline 09/05/2010 11:50:29.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.800 [GMT -4:00]
Running from: c:\downloads\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\All Users\Application Data\Caelum
d:\documents and settings\All Users\Application Data\Caelum\hs.cpf
d:\documents and settings\All Users\Application Data\Caelum\save.cpf
d:\windows\system32\ico.ico
d:\windows\system32\system
d:\windows\system32\SYSTEM\svchost.exe
d:\windows\usgwmt
d:\windows\usgwmt\BReWErS.dll
G:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_Win_Updater
-------\Legacy_Win_Updater
-------\Service_Win_Updater
-------\Service_Win_Updater


((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-05 14:49 . 2010-09-02 15:55 19456 ----a-w- d:\windows\system32\drivers\surfguard.exe
2010-09-05 14:49 . 2009-09-08 21:54 158720 ----a-w- d:\windows\system32\drivers\skybound.gecko.dll
2010-09-05 14:46 . 2010-09-05 15:14 -------- d-----w- d:\windows\system32\drivers\f
2010-09-05 14:46 . 2010-09-05 14:46 16896 ----a-w- d:\windows\system32\drivers\up.exe
2010-09-05 14:45 . 2010-09-02 15:55 211968 ----a-w- d:\windows\system32\drivers\safesurf.exe
2010-09-05 02:47 . 2010-09-05 02:51 -------- d-----w- d:\windows\system32\NtmsData
2010-08-31 13:16 . 2010-08-31 13:26 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\.minecraft
2010-08-30 17:56 . 2010-08-30 18:47 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-30 17:56 . 2010-08-30 17:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-28 04:54 . 2010-08-28 04:54 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-08-28 03:22 . 2010-08-30 00:02 -------- d-----w- d:\documents and settings\Casey Kline\Local Settings\Application Data\Fallout3
2010-08-28 03:09 . 2010-09-04 22:25 -------- d-----w- d:\documents and settings\All Users\Application Data\Fallout3
2010-08-28 03:05 . 2010-08-28 03:05 -------- d-----w- d:\windows\system32\xlive
2010-08-28 03:01 . 2010-08-28 03:01 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2010-08-27 22:01 . 2010-08-27 22:01 -------- d-sh--w- d:\documents and settings\All Users\Application Data\SecuROM
2010-08-27 21:27 . 2010-08-27 21:27 -------- d-----w- c:\program files\2K Games
2010-08-27 00:51 . 2010-08-27 00:51 32272 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-27 00:50 . 2010-08-27 02:04 -------- d-----w- d:\windows\system32\webem
2010-08-24 18:35 . 2010-08-24 18:35 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-08-24 03:21 . 2010-08-24 03:21 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\ArtificialStudios
2010-08-24 03:17 . 2010-08-24 03:17 -------- d-----w- c:\program files\Artificial Studios
2010-08-23 03:01 . 2010-08-23 03:01 -------- d-----w- d:\documents and settings\Casey Kline\oni
2010-08-20 23:40 . 2010-08-23 03:21 -------- d-----w- c:\program files\Apophysis 2.0
2010-08-20 18:07 . 2010-08-20 18:07 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\Alien Skin
2010-08-20 17:34 . 2010-08-20 17:34 -------- d-----w- c:\program files\Alien Skin
2010-08-19 21:23 . 2010-08-19 21:24 -------- d-----w- d:\documents and settings\All Users\Application Data\NOMBZ Save Data
2010-08-19 20:37 . 2010-08-19 20:37 -------- d-----w- c:\program files\ReflexiveArcade
2010-08-19 18:55 . 2010-08-19 18:55 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\pdf995
2010-08-19 18:43 . 2010-08-19 21:13 59 ----a-w- d:\windows\wpd99.drv
2010-08-19 18:43 . 2010-08-19 21:13 -------- d-----w- d:\documents and settings\All Users\Application Data\pdf995
2010-08-19 18:43 . 2010-08-19 18:43 51716 ----a-w- d:\windows\system32\pdf995mon.dll
2010-08-19 18:43 . 2010-08-19 18:43 249856 ----a-w- d:\windows\system32\pdfmona.dll
2010-08-19 18:43 . 2010-08-19 18:53 -------- d-----w- c:\program files\pdf995
2010-08-16 14:52 . 2010-08-16 14:52 -------- d-----w- c:\program files\MSECache
2010-08-15 22:13 . 2010-08-15 22:13 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\URSE Games
2010-08-15 21:22 . 2010-08-15 21:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Trymedia
2010-08-15 21:20 . 2010-08-15 21:20 -------- d-----w- d:\windows\system32\weber
2010-08-15 16:02 . 2010-08-15 16:02 817664 ----a-w- d:\windows\system32\Help64.exe
2010-08-12 18:05 . 2010-08-12 18:05 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\runic games
2010-08-12 17:48 . 2010-08-12 17:48 -------- d-----w- c:\program files\Alcohol Soft
2010-08-12 17:31 . 2010-08-12 17:31 721904 ----a-w- d:\windows\system32\drivers\sptd.sys
2010-08-11 02:12 . 2010-08-11 02:12 -------- d-----w- c:\program files\Common Files\Java
2010-08-10 20:25 . 2010-08-10 20:25 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\Jumb-O-Fun Games
2010-08-10 20:19 . 2010-08-10 20:19 4096 ----a-w- d:\windows\d3dx.dat
2010-08-10 18:30 . 2010-08-12 17:33 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-10 15:41 . 2010-08-10 15:41 451072 ----a-w- d:\windows\uninstall\DN-MP.exe
2010-08-10 15:41 . 2010-08-10 15:41 -------- d-----w- d:\windows\Uninstall
2010-08-10 15:40 . 2010-08-10 15:40 -------- d-----w- c:\program files\3D Realms

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 15:57 . 2010-06-30 15:44 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\Dropbox
2010-09-05 15:57 . 2010-06-21 23:29 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-09-05 15:31 . 2010-09-05 14:49 35 ----a-w- d:\windows\system32\drivers\auth.txt
2010-09-05 14:49 . 2010-09-05 14:49 13528 ----a-w- d:\windows\system32\drivers\block.txt
2010-09-05 00:40 . 2010-06-21 02:58 1324 ----a-w- d:\windows\system32\d3d9caps.dat
2010-09-04 22:25 . 2010-06-21 02:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-27 19:48 . 2010-06-21 12:38 -------- d-----w- c:\program files\Steam
2010-08-27 18:52 . 2010-07-25 20:20 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\Skype
2010-08-27 18:51 . 2010-07-25 20:20 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\skypePM
2010-08-25 18:48 . 2010-06-25 13:16 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-25 18:48 . 2010-06-21 14:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-25 18:31 . 2010-06-21 02:33 -------- d-----w- c:\program files\ESET
2010-08-23 03:15 . 2010-07-15 00:01 -------- d-----w- c:\program files\Replay Media Catcher
2010-08-23 03:14 . 2010-07-15 00:04 156672 ----a-w- d:\windows\system32\rmc_fixasf.exe
2010-08-23 03:13 . 2010-07-15 00:04 237568 ----a-w- d:\windows\system32\rmc_rtspdl.dll
2010-08-20 04:07 . 2010-06-30 02:29 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\vlc
2010-08-19 21:37 . 2010-06-21 02:41 32272 ----a-w- d:\documents and settings\Casey Kline\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-19 21:12 . 2010-06-25 23:53 1 ----a-w- d:\documents and settings\Casey Kline\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-11 02:12 . 2010-06-21 20:35 -------- d-----w- c:\program files\Java
2010-08-09 19:35 . 2010-08-22 23:52 75776 ----a-w- d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\CSWebLauncher@cyberstep.com\plugins\npCsWebLauncher.dll
2010-08-05 19:33 . 2010-08-05 19:33 -------- d-----w- c:\program files\GamersFirst
2010-08-05 19:21 . 2010-08-05 19:21 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\JAM Software
2010-08-05 19:21 . 2010-08-05 19:21 -------- d-----w- c:\program files\JAM Software
2010-08-05 06:41 . 2010-08-05 06:41 503808 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2351dcc9-n\msvcp71.dll
2010-08-05 06:41 . 2010-08-05 06:41 499712 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2351dcc9-n\jmc.dll
2010-08-05 06:41 . 2010-08-05 06:41 348160 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2351dcc9-n\msvcr71.dll
2010-08-05 06:40 . 2010-08-05 06:40 61440 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-526014b9-n\decora-sse.dll
2010-08-05 06:40 . 2010-08-05 06:40 12800 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-526014b9-n\decora-d3d.dll
2010-08-04 03:42 . 2010-08-04 03:42 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\AnvSoft
2010-08-04 03:42 . 2010-08-04 03:42 -------- d-----w- c:\program files\AnvSoft
2010-08-03 06:11 . 2010-08-31 13:26 65024 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\jinput-dx8_64.dll
2010-08-03 06:11 . 2010-08-31 13:26 62464 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\jinput-raw_64.dll
2010-08-03 06:11 . 2010-08-31 13:26 61952 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\jinput-dx8.dll
2010-08-03 06:11 . 2010-08-31 13:26 59392 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\jinput-raw.dll
2010-08-03 06:11 . 2010-08-31 13:26 273920 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\lwjgl64.dll
2010-08-03 06:11 . 2010-08-31 13:26 195072 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\OpenAL64.dll
2010-08-03 06:11 . 2010-08-31 13:26 193024 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\lwjgl.dll
2010-08-03 06:11 . 2010-08-31 13:26 108032 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\OpenAL32.dll
2010-07-29 22:19 . 2010-06-25 13:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-28 02:09 . 2010-07-28 02:09 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-28 02:09 . 2010-07-28 02:09 85504 ----a-w- d:\documents and settings\Casey Kline\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-07-28 02:09 . 2010-07-28 02:09 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\SystemRequirementsLab
2010-07-25 20:20 . 2010-07-25 20:20 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2010-07-25 20:19 . 2010-07-25 20:19 -------- d-----r- c:\program files\Skype
2010-07-25 20:19 . 2010-07-25 20:19 -------- d-----w- c:\program files\Common Files\Skype
2010-07-25 20:19 . 2010-07-25 20:18 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype
2010-07-25 17:07 . 2010-07-25 17:07 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\Malwarebytes
2010-07-25 17:06 . 2010-07-25 17:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-25 17:06 . 2010-07-25 17:06 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-18 03:49 . 2010-07-18 03:43 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\TeamViewer
2010-07-18 03:43 . 2010-07-18 03:43 -------- d-----w- c:\program files\TeamViewer
2010-07-17 09:00 . 2010-06-21 20:35 423656 ----a-w- d:\windows\system32\deployJava1.dll
2010-07-16 04:38 . 2010-07-16 04:38 392704 ----a-w- d:\windows\system32\ICH.exe
2010-07-15 00:03 . 2010-07-15 00:03 -------- d-----w- c:\program files\Applian Director
2010-07-09 14:44 . 2010-07-09 14:44 -------- d-----w- c:\program files\EPSON
2010-06-30 20:16 . 2010-06-22 00:58 139110 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2010-06-30 15:44 . 2010-06-30 15:44 89831 ----a-w- d:\documents and settings\Casey Kline\Application Data\Dropbox\bin\Uninstall.exe
2010-06-30 12:31 . 2008-04-14 04:42 149504 ----a-w- d:\windows\system32\schannel.dll
2010-06-25 13:14 . 2010-06-25 13:15 151552 ----a-w- d:\windows\system32\nvRegDev.dll
2010-06-24 19:07 . 2010-06-24 19:07 0 ----a-w- d:\windows\popcreg.dat
2010-06-24 19:07 . 2010-06-24 19:07 0 ----a-w- d:\windows\popcinfot.dat
2010-06-24 12:22 . 2008-04-14 04:42 916480 ----a-w- d:\windows\system32\wininet.dll
2010-06-24 02:13 . 2010-06-22 19:10 639978 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2052111302-1979792683-1801674531-1003-0.dat
2010-06-23 13:44 . 2008-04-14 00:00 1851904 ----a-w- d:\windows\system32\win32k.sys
2010-06-22 02:20 . 2010-06-21 02:11 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-21 20:36 . 2010-06-21 20:36 503808 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f772ce5-n\msvcp71.dll
2010-06-21 20:36 . 2010-06-21 20:36 499712 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f772ce5-n\jmc.dll
2010-06-21 20:36 . 2010-06-21 20:36 348160 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f772ce5-n\msvcr71.dll
2010-06-21 20:35 . 2010-06-21 20:35 61440 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-426bf51c-n\decora-sse.dll
2010-06-21 20:35 . 2010-06-21 20:35 12800 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-426bf51c-n\decora-d3d.dll
2010-06-21 15:27 . 2008-04-13 23:45 354304 ----a-w- d:\windows\system32\drivers\srv.sys
2010-06-21 11:59 . 2010-06-21 11:59 0 ----a-w- d:\windows\ativpsrm.bin
2010-06-21 03:27 . 2010-06-21 03:27 53248 ----a-r- d:\documents and settings\Casey Kline\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-06-21 03:27 . 2010-06-21 03:27 16400 ----a-w- d:\windows\system32\drivers\LNonPnP.sys
2010-06-21 03:14 . 2009-05-05 13:58 13976 ----a-w- d:\windows\system32\drivers\videX32.sys
2010-06-21 02:56 . 2010-06-21 02:56 0 ----a-w- d:\windows\nsreg.dat
2010-06-21 02:08 . 2010-06-21 02:08 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2010-06-17 14:03 . 2008-04-14 04:41 80384 ----a-w- d:\windows\system32\iccvid.dll
2010-06-16 19:00 . 2010-06-22 19:41 3145920 -c--a-w- d:\documents and settings\All Users\Application Data\{18B9435B-CD3C-4E7E-A6EB-65605DCDDEC8}\Impulse_setup.exe
2010-06-16 18:56 . 2010-06-22 19:39 1119536 -c--a-w- d:\documents and settings\All Users\Application Data\{18B9435B-CD3C-4E7E-A6EB-65605DCDDEC8}\OFFLINE\86D01CB6\12FD35EB\impulse.dll
2010-06-16 18:55 . 2010-06-22 19:39 30000 -c--a-w- d:\documents and settings\All Users\Application Data\{18B9435B-CD3C-4E7E-A6EB-65605DCDDEC8}\OFFLINE\86D01CB6\757C30BC\SDSecurity.dll
2010-06-16 18:55 . 2010-06-22 19:39 468272 -c--a-w- d:\documents and settings\All Users\Application Data\{18B9435B-CD3C-4E7E-A6EB-65605DCDDEC8}\OFFLINE\86D01CB6\757C30BC\ImpulseNow.exe
2010-06-16 18:54 . 2010-06-22 19:39 868144 -c--a-w- d:\documents and settings\All Users\Application Data\{18B9435B-CD3C-4E7E-A6EB-65605DCDDEC8}\OFFLINE\86D01CB6\597810BF\7z.dll
2010-06-16 18:52 . 2010-06-22 19:39 9072 -c--a-w- d:\documents and settings\All Users\Application Data\{18B9435B-CD3C-4E7E-A6EB-65605DCDDEC8}\OFFLINE\86D01CB6\7A63466D\Sd.Irc.resources.dll
2010-06-14 16:08 . 2010-06-24 23:43 103424 ----a-w- d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-06-14 16:08 . 2010-06-24 23:43 545280 ----a-w- d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-06-14 16:08 . 2010-06-24 23:43 4687360 ----a-w- d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-06-14 16:08 . 2010-06-24 23:43 425984 ----a-w- d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-06-14 16:08 . 2010-06-24 23:43 152064 ----a-w- d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-06-14 16:08 . 2010-06-24 23:43 4687872 ----a-w- d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-06-14 16:08 . 2010-06-24 23:43 57856 ----a-w- d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-06-14 14:31 . 2010-06-21 02:09 744448 ----a-w- d:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2008-04-14 04:42 1172480 ----a-w- d:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Casey Kline\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Casey Kline\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Casey Kline\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"AtiTrayTools"="c:\program files\Ray Adams\ATI Tray Tools\atitray.exe" [2010-01-31 882688]
"Google Update"="d:\documents and settings\Casey Kline\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-05 136176]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"Fraps"="c:\fraps\FRAPS.EXE" [2009-01-03 1203880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"jsafesurf"="d:\windows\system32\drivers\safesurf.exe" [2010-09-02 211968]

d:\documents and settings\Casey Kline\Start Menu\Programs\Startup\
Dropbox.lnk - d:\documents and settings\Casey Kline\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2010-6-16 471040]
Shortcut to BWMonitor.lnk - c:\program files\BW Monitor\BWMonitor.exe [2010-6-20 224256]
Shortcut to taskmgr.lnk - d:\windows\system32\taskmgr.exe [2008-4-14 135680]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire Entrenchment.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire Diplomacy.exe"=
"d:\\Documents and Settings\\Casey Kline\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=

R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [11/25/2009 8:11 AM 19232]
R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/11/2009 7:24 AM 735960]
R2 LBeepKE;Logitech Beep Suppression Driver;d:\windows\system32\drivers\LBeepKE.sys [6/20/2010 11:26 PM 10448]
R3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys [6/21/2010 8:03 AM 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 cpuz130;cpuz130;\??\d:\docume~1\CASEYK~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> d:\docume~1\CASEYK~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/21/2010 8:32 PM 14424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [8/12/2010 1:31 PM 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-04 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1979792683-1801674531-1003Core.job
- d:\documents and settings\Casey Kline\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-05 18:33]

2010-09-05 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1979792683-1801674531-1003UA.job
- d:\documents and settings\Casey Kline\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-05 18:33]
.
.
------- Supplementary Scan -------
.
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
FF - ProfilePath - d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\CSWebLauncher@cyberstep.com\plugins\npCsWebLauncher.dll
FF - plugin: d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\kos@dontblynk.com\platform\WINNT_x86-msvc\plugins\NPSting.dll
FF - plugin: d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: d:\documents and settings\Casey Kline\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TpScrex - c:\programdata\TpScrex\TpScrex.exe
AddRemove-Zuma's Revenge! - c:\games\Zuma's Revenge\PopUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 12:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
d:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(2060)
d:\windows\system32\WININET.dll
c:\program files\Ray Adams\ATI Tray Tools\raphook.dll
d:\documents and settings\Casey Kline\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
d:\documents and settings\Casey Kline\Application Data\Dropbox\bin\DropboxExt.13.dll
d:\windows\system32\wpdshext.dll
d:\windows\system32\PortableDeviceApi.dll
d:\windows\system32\Audiodev.dll
d:\windows\system32\WMVCore.DLL
d:\windows\system32\WMASF.DLL
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\SOUNDMAN.EXE
c:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Windows Live\Contacts\wlcomm.exe
d:\windows\system32\drivers\surfguard.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\SearchProtocolHost.exe
d:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-09-05 12:09:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-05 16:09

Pre-Run: 9,444,020,224 bytes free
Post-Run: 9,618,116,608 bytes free

- - End Of File - - 2942E2C2373A256F70CF3429AB9A26E6
 
Hi,

Okay here are the all new season of "Logs". Available only the Spybot Forum channel ;D.
Click to expand...
:laugh:

Please update MBAM and run a quick scan with it. Post back its report + fresh dds.txt log.
 
i ran MBAM just before making the original post but it finds nothing. In fact the reason i posted here is even spybot (which ive always preferred to its competitors) found nothing but tracking cookies.

Although i know it angers the security gods i DID my own fix and have disabled the JetSwap Safesurf from even loading at all. I deleted its "run" entry in the registry editor (the address was listed in msconfig). So apparently ive disabled but not removed it, since something somewhere can still replace the files i delete if i reinstate that data. The process isnt even listed in the msconfig startup tab anymore so i figured it out. Thank you for your help, without your process i wouldn't have poked where i poked.

And MBAM found nothing.

And i guess ill be back with Punch and pie as an apology if i am wrong. I really hope im not wrong because i want to keep my punch and pie.
 
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
http://forums.spybot.info/showthread.php?t=59235
Collect::
d:\windows\system32\drivers\up.exe
d:\windows\system32\drivers\safesurf.exe
d:\windows\system32\drivers\surfguard.exe
d:\windows\system32\drivers\skybound.gecko.dll
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [jsafesurf] d:\windows\system32\drivers\safesurf.exe
Folder::
d:\windows\system32\drivers\f
DirLook::
d:\documents and settings\casey kline\oni
d:\windows\system32\weber
FileLook::
d:\windows\system32\Help64.exe
d:\windows\system32\ICH.exe


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Get Adobe Reader update 9.3.4 here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
Holy crap you found the missing peice of my removal puzzle. The Weber folder along with a folder named Webem re-unpacked the files thats how they kept coming back before i used the reg editor cock block them, thanks!
 
Hi,

Good. Please post requested logs so we can continue on case.
 
ill boot into safe mode and run all that in a little it, sorry for getting side tracked, used to fixing all my problems myself.
 
Coming on this episode of Logapalooza, it's log tastic.


fresh DDS.txt contents


DDS (Ver_10-03-17.01) - NTFSx86
Run by Casey Kline at 20:13:55.25 on Sun 09/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.461 [GMT -4:00]

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
D:\Documents and Settings\Casey Kline\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\BW Monitor\BWMonitor.exe
D:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\wscntfy.exe
C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AtiTrayTools] "c:\program files\ray adams\ati tray tools\atitray.exe"
uRun: [Google Update] "d:\documents and settings\casey kline\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Fraps] c:\fraps\FRAPS.EXE
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Ask and Record FLV Service] "c:\program files\replay media catcher\FLVSrvc.exe" /run
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\dropbox.lnk - d:\documents and settings\casey kline\application data\dropbox\bin\Dropbox.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\bw monitor\BWMonitor.exe
StartupFolder: d:\docume~1\caseyk~1\startm~1\programs\startup\shortc~2.lnk - d:\windows\system32\taskmgr.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277092124018
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\caseyk~1\applic~1\mozilla\firefox\profiles\vfhp6q8h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\csweblauncher@cyberstep.com\plugins\npCsWebLauncher.dll
FF - plugin: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\kos@dontblynk.com\platform\winnt_x86-msvc\plugins\NPSting.dll
FF - plugin: d:\documents and settings\casey kline\application data\mozilla\firefox\profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: d:\documents and settings\casey kline\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2009-11-25 19232]
R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R2 Akamai;Akamai NetSession Interface;d:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]
R2 LBeepKE;Logitech Beep Suppression Driver;d:\windows\system32\drivers\LBeepKE.sys [2010-6-20 10448]
R3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys [2010-6-21 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz130;cpuz130;\??\d:\docume~1\caseyk~1\locals~1\temp\cpuz130\cpuz_x32.sys --> d:\docume~1\caseyk~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-6-21 14424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-09-12 23:28:47 98816 ----a-w- d:\windows\sed.exe
2010-09-12 23:28:47 77312 ----a-w- d:\windows\MBR.exe
2010-09-12 23:28:47 256512 ----a-w- d:\windows\PEV.exe
2010-09-12 23:28:47 161792 ----a-w- d:\windows\SWREG.exe
2010-09-11 02:20:30 47 ----a-w- d:\documents and settings\casey kline\LWMASTERS9.CFG
2010-09-11 02:07:35 5302 ----a-w- d:\documents and settings\casey kline\surfaceparm.ffs
2010-09-09 23:56:05 0 d-----w- d:\docume~1\caseyk~1\applic~1\Jasc
2010-09-09 23:55:37 0 d-----w- c:\program files\Jasc Software Inc
2010-09-08 20:04:42 52 ----a-w- d:\documents and settings\casey kline\LWFBA.CFG
2010-09-07 21:05:23 218 ----a-w- d:\documents and settings\casey kline\C4e.cfg
2010-09-07 14:18:52 0 d-----w- c:\program files\common files\Akamai
2010-09-06 02:18:32 19 ----a-w- d:\documents and settings\casey kline\mt_multishift.cfg
2010-09-05 15:25:59 0 d-----w- d:\windows\setup.pss
2010-09-05 15:25:41 0 d-----w- d:\windows\setupupd
2010-09-05 02:47:42 0 d-----w- d:\windows\system32\NtmsData
2010-08-31 13:16:37 0 d-----w- d:\docume~1\caseyk~1\applic~1\.minecraft
2010-08-30 17:56:22 0 d-----w- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-30 17:56:22 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-28 04:54:13 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-08-28 03:05:44 0 d-----w- d:\windows\system32\xlive
2010-08-28 03:01:33 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2010-08-27 22:01:01 0 d-sh--w- d:\docume~1\alluse~1\applic~1\SecuROM
2010-08-27 21:27:35 0 d-----w- c:\program files\2K Games
2010-08-27 20:55:52 0 d-----w- d:\windows\pss
2010-08-27 19:41:59 0 d-----w- d:\windows\system32\appmgmt
2010-08-24 18:35:46 0 d-----w- c:\program files\common files\Futuremark Shared
2010-08-24 03:21:33 0 d-----w- d:\docume~1\caseyk~1\applic~1\ArtificialStudios
2010-08-24 03:17:12 0 d-----w- c:\program files\Artificial Studios
2010-08-23 03:01:42 0 d-----w- d:\documents and settings\casey kline\oni
2010-08-20 23:40:09 0 d-----w- c:\program files\Apophysis 2.0
2010-08-20 17:34:43 0 d-----w- c:\program files\Alien Skin
2010-08-19 21:23:15 0 d-----w- d:\docume~1\alluse~1\applic~1\NOMBZ Save Data
2010-08-19 20:37:00 0 d-----w- c:\program files\ReflexiveArcade
2010-08-19 18:55:03 28 ----a-w- d:\windows\pdf995.ini
2010-08-19 18:43:48 59 ----a-w- d:\windows\wpd99.drv
2010-08-19 18:43:48 51716 ----a-w- d:\windows\system32\pdf995mon.dll
2010-08-19 18:43:48 249856 ----a-w- d:\windows\system32\pdfmona.dll
2010-08-19 18:43:48 0 d-----w- d:\docume~1\alluse~1\applic~1\pdf995
2010-08-19 18:43:45 0 d-----w- c:\program files\pdf995
2010-08-16 14:52:58 0 d-----w- c:\program files\MSECache
2010-08-15 22:13:33 0 d-----w- d:\docume~1\caseyk~1\applic~1\URSE Games
2010-08-15 21:22:06 0 d-----w- d:\docume~1\alluse~1\applic~1\Trymedia
2010-08-15 16:02:14 817664 ----a-w- d:\windows\system32\Help64.exe

==================== Find3M ====================

2010-09-12 18:16:16 436792 ----a-w- d:\windows\system32\drivers\sptd.sys
2010-08-23 03:14:02 156672 ----a-w- d:\windows\system32\rmc_fixasf.exe
2010-08-23 03:13:57 237568 ----a-w- d:\windows\system32\rmc_rtspdl.dll
2010-08-10 20:19:39 4096 ----a-w- d:\windows\d3dx.dat
2010-07-17 09:00:04 423656 ----a-w- d:\windows\system32\deployJava1.dll
2010-07-16 04:38:54 392704 ----a-w- d:\windows\system32\ICH.exe
2010-07-15 16:01:12 42612 ----a-w- d:\windows\fonts\Horst Roman Gothic.ttf
2010-07-15 14:10:20 17896 ----a-w- d:\windows\fonts\paola.ttf
2010-06-30 12:31:35 149504 ----a-w- d:\windows\system32\schannel.dll
2010-06-25 13:14:52 151552 ----a-w- d:\windows\system32\nvRegDev.dll
2010-06-24 12:22:03 916480 ----a-w- d:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- d:\windows\system32\win32k.sys
2010-06-21 02:08:43 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2010-06-17 14:03:00 80384 ----a-w- d:\windows\system32\iccvid.dll

============= FINISH: 20:14:16.84 ===============
 
Here is the combo fix log

ComboFix 10-09-12.01 - Casey Kline 09/12/2010 19:31:50.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.815 [GMT -4:00]
Running from: c:\downloads\ComboFix.exe
Command switches used :: c:\downloads\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

file zipped: d:\windows\system32\drivers\safesurf.exe
file zipped: d:\windows\system32\drivers\skybound.gecko.dll
file zipped: d:\windows\system32\drivers\surfguard.exe
file zipped: d:\windows\system32\drivers\up.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\drivers\f
d:\windows\system32\drivers\f\1\chrome\classic.jar
d:\windows\system32\drivers\f\1\chrome\classic.manifest
d:\windows\system32\drivers\f\1\chrome\comm.jar
d:\windows\system32\drivers\f\1\chrome\comm.manifest
d:\windows\system32\drivers\f\1\chrome\en-US.jar
d:\windows\system32\drivers\f\1\chrome\en-US.manifest
d:\windows\system32\drivers\f\1\chrome\geckofx.jar
d:\windows\system32\drivers\f\1\chrome\geckofx.manifest
d:\windows\system32\drivers\f\1\chrome\pippki.jar
d:\windows\system32\drivers\f\1\chrome\pippki.manifest
d:\windows\system32\drivers\f\1\chrome\toolkit.jar
d:\windows\system32\drivers\f\1\chrome\toolkit.manifest
d:\windows\system32\drivers\f\1\components\aboutRights.js
d:\windows\system32\drivers\f\1\components\aboutRobots.js
d:\windows\system32\drivers\f\1\components\accessibility-msaa.xpt
d:\windows\system32\drivers\f\1\components\accessibility.xpt
d:\windows\system32\drivers\f\1\components\alerts.xpt
d:\windows\system32\drivers\f\1\components\appshell.xpt
d:\windows\system32\drivers\f\1\components\appstartup.xpt
d:\windows\system32\drivers\f\1\components\autocomplete.xpt
d:\windows\system32\drivers\f\1\components\autoconfig.xpt
d:\windows\system32\drivers\f\1\components\browser.xpt
d:\windows\system32\drivers\f\1\components\browserdirprovider.dll
d:\windows\system32\drivers\f\1\components\brwsrcmp.dll
d:\windows\system32\drivers\f\1\components\caps.xpt
d:\windows\system32\drivers\f\1\components\chardet.xpt
d:\windows\system32\drivers\f\1\components\chrome.xpt
d:\windows\system32\drivers\f\1\components\commandhandler.xpt
d:\windows\system32\drivers\f\1\components\commandlines.xpt
d:\windows\system32\drivers\f\1\components\composer.xpt
d:\windows\system32\drivers\f\1\components\content_base.xpt
d:\windows\system32\drivers\f\1\components\content_html.xpt
d:\windows\system32\drivers\f\1\components\content_htmldoc.xpt
d:\windows\system32\drivers\f\1\components\content_xmldoc.xpt
d:\windows\system32\drivers\f\1\components\content_xslt.xpt
d:\windows\system32\drivers\f\1\components\content_xtf.xpt
d:\windows\system32\drivers\f\1\components\contentprefs.xpt
d:\windows\system32\drivers\f\1\components\cookie.xpt
d:\windows\system32\drivers\f\1\components\directory.xpt
d:\windows\system32\drivers\f\1\components\docshell_base.xpt
d:\windows\system32\drivers\f\1\components\dom.xpt
d:\windows\system32\drivers\f\1\components\dom_base.xpt
d:\windows\system32\drivers\f\1\components\dom_canvas.xpt
d:\windows\system32\drivers\f\1\components\dom_core.xpt
d:\windows\system32\drivers\f\1\components\dom_css.xpt
d:\windows\system32\drivers\f\1\components\dom_events.xpt
d:\windows\system32\drivers\f\1\components\dom_html.xpt
d:\windows\system32\drivers\f\1\components\dom_json.xpt
d:\windows\system32\drivers\f\1\components\dom_loadsave.xpt
d:\windows\system32\drivers\f\1\components\dom_offline.xpt
d:\windows\system32\drivers\f\1\components\dom_range.xpt
d:\windows\system32\drivers\f\1\components\dom_sidebar.xpt
d:\windows\system32\drivers\f\1\components\dom_storage.xpt
d:\windows\system32\drivers\f\1\components\dom_stylesheets.xpt
d:\windows\system32\drivers\f\1\components\dom_svg.xpt
d:\windows\system32\drivers\f\1\components\dom_traversal.xpt
d:\windows\system32\drivers\f\1\components\dom_views.xpt
d:\windows\system32\drivers\f\1\components\dom_xbl.xpt
d:\windows\system32\drivers\f\1\components\dom_xpath.xpt
d:\windows\system32\drivers\f\1\components\dom_xul.xpt
d:\windows\system32\drivers\f\1\components\downloads.xpt
d:\windows\system32\drivers\f\1\components\editor.xpt
d:\windows\system32\drivers\f\1\components\embed_base.xpt
d:\windows\system32\drivers\f\1\components\extensions.xpt
d:\windows\system32\drivers\f\1\components\exthandler.xpt
d:\windows\system32\drivers\f\1\components\exthelper.xpt
d:\windows\system32\drivers\f\1\components\fastfind.xpt
d:\windows\system32\drivers\f\1\components\FeedConverter.js
d:\windows\system32\drivers\f\1\components\FeedProcessor.js
d:\windows\system32\drivers\f\1\components\feeds.xpt
d:\windows\system32\drivers\f\1\components\FeedWriter.js
d:\windows\system32\drivers\f\1\components\find.xpt
d:\windows\system32\drivers\f\1\components\fuelApplication.js
d:\windows\system32\drivers\f\1\components\gfx.xpt
d:\windows\system32\drivers\f\1\components\htmlparser.xpt
d:\windows\system32\drivers\f\1\components\imgicon.xpt
d:\windows\system32\drivers\f\1\components\imglib2.xpt
d:\windows\system32\drivers\f\1\components\inspector.xpt
d:\windows\system32\drivers\f\1\components\intl.xpt
d:\windows\system32\drivers\f\1\components\jar.xpt
d:\windows\system32\drivers\f\1\components\jsconsole-clhandler.js
d:\windows\system32\drivers\f\1\components\jsdservice.xpt
d:\windows\system32\drivers\f\1\components\layout_base.xpt
d:\windows\system32\drivers\f\1\components\layout_printing.xpt
d:\windows\system32\drivers\f\1\components\layout_xul.xpt
d:\windows\system32\drivers\f\1\components\layout_xul_tree.xpt
d:\windows\system32\drivers\f\1\components\locale.xpt
d:\windows\system32\drivers\f\1\components\loginmgr.xpt
d:\windows\system32\drivers\f\1\components\lwbrk.xpt
d:\windows\system32\drivers\f\1\components\mimetype.xpt
d:\windows\system32\drivers\f\1\components\mozbrwsr.xpt
d:\windows\system32\drivers\f\1\components\mozfind.xpt
d:\windows\system32\drivers\f\1\components\necko.xpt
d:\windows\system32\drivers\f\1\components\necko_about.xpt
d:\windows\system32\drivers\f\1\components\necko_cache.xpt
d:\windows\system32\drivers\f\1\components\necko_cookie.xpt
d:\windows\system32\drivers\f\1\components\necko_dns.xpt
d:\windows\system32\drivers\f\1\components\necko_file.xpt
d:\windows\system32\drivers\f\1\components\necko_ftp.xpt
d:\windows\system32\drivers\f\1\components\necko_http.xpt
d:\windows\system32\drivers\f\1\components\necko_res.xpt
d:\windows\system32\drivers\f\1\components\necko_socket.xpt
d:\windows\system32\drivers\f\1\components\necko_strconv.xpt
d:\windows\system32\drivers\f\1\components\necko_viewsource.xpt
d:\windows\system32\drivers\f\1\components\nsAddonRepository.js
d:\windows\system32\drivers\f\1\components\nsBadCertHandler.js
d:\windows\system32\drivers\f\1\components\nsBlocklistService.js
d:\windows\system32\drivers\f\1\components\nsBrowserContentHandler.js
d:\windows\system32\drivers\f\1\components\nsBrowserGlue.js
d:\windows\system32\drivers\f\1\components\nsContentDispatchChooser.js
d:\windows\system32\drivers\f\1\components\nsContentPrefService.js
d:\windows\system32\drivers\f\1\components\nsDefaultCLH.js
d:\windows\system32\drivers\f\1\components\nsDictionary.js
d:\windows\system32\drivers\f\1\components\nsDownloadManagerUI.js
d:\windows\system32\drivers\f\1\components\nsExtensionManager.js
d:\windows\system32\drivers\f\1\components\nsHandlerService.js
d:\windows\system32\drivers\f\1\components\nsHelperAppDlg.js
d:\windows\system32\drivers\f\1\components\nsLivemarkService.js
d:\windows\system32\drivers\f\1\components\nsLoginInfo.js
d:\windows\system32\drivers\f\1\components\nsLoginManager.js
d:\windows\system32\drivers\f\1\components\nsLoginManagerPrompter.js
d:\windows\system32\drivers\f\1\components\nsMicrosummaryService.js
d:\windows\system32\drivers\f\1\components\nsPlacesTransactionsService.js
d:\windows\system32\drivers\f\1\components\nsPostUpdateWin.js
d:\windows\system32\drivers\f\1\components\nsProgressDialog.js
d:\windows\system32\drivers\f\1\components\nsProxyAutoConfig.js
d:\windows\system32\drivers\f\1\components\nsRequestService.js
d:\windows\system32\drivers\f\1\components\nsResetPref.js
d:\windows\system32\drivers\f\1\components\nsSafebrowsingApplication.js
d:\windows\system32\drivers\f\1\components\nsSearchService.js
d:\windows\system32\drivers\f\1\components\nsSearchSuggestions.js
d:\windows\system32\drivers\f\1\components\nsSessionStartup.js
d:\windows\system32\drivers\f\1\components\nsSessionStore.js
d:\windows\system32\drivers\f\1\components\nsSetDefaultBrowser.js
d:\windows\system32\drivers\f\1\components\nsSidebar.js
d:\windows\system32\drivers\f\1\components\nsTaggingService.js
d:\windows\system32\drivers\f\1\components\nsTryToClose.js
d:\windows\system32\drivers\f\1\components\nsUpdateService.js
d:\windows\system32\drivers\f\1\components\nsUrlClassifierLib.js
d:\windows\system32\drivers\f\1\components\nsUrlClassifierListManager.js
d:\windows\system32\drivers\f\1\components\nsURLFormatter.js
d:\windows\system32\drivers\f\1\components\nsWebHandlerApp.js
d:\windows\system32\drivers\f\1\components\nsXmlRpcClient.js
d:\windows\system32\drivers\f\1\components\nsXULAppInstall.js
d:\windows\system32\drivers\f\1\components\oji.xpt
d:\windows\system32\drivers\f\1\components\parentalcontrols.xpt
d:\windows\system32\drivers\f\1\components\pipboot.xpt
d:\windows\system32\drivers\f\1\components\pipnss.xpt
d:\windows\system32\drivers\f\1\components\pippki.xpt
d:\windows\system32\drivers\f\1\components\places.xpt
d:\windows\system32\drivers\f\1\components\plugin.xpt
d:\windows\system32\drivers\f\1\components\pluginGlue.js
d:\windows\system32\drivers\f\1\components\pref.xpt
d:\windows\system32\drivers\f\1\components\prefetch.xpt
d:\windows\system32\drivers\f\1\components\profile.xpt
d:\windows\system32\drivers\f\1\components\proxyObject.xpt
d:\windows\system32\drivers\f\1\components\rdf.xpt
d:\windows\system32\drivers\f\1\components\satchel.xpt
d:\windows\system32\drivers\f\1\components\saxparser.xpt
d:\windows\system32\drivers\f\1\components\shistory.xpt
d:\windows\system32\drivers\f\1\components\spellchecker.xpt
d:\windows\system32\drivers\f\1\components\storage-Legacy.js
d:\windows\system32\drivers\f\1\components\storage.xpt
d:\windows\system32\drivers\f\1\components\toolkitprofile.xpt
d:\windows\system32\drivers\f\1\components\txEXSLTRegExFunctions.js
d:\windows\system32\drivers\f\1\components\txmgr.xpt
d:\windows\system32\drivers\f\1\components\txtsvc.xpt
d:\windows\system32\drivers\f\1\components\uconv.xpt
d:\windows\system32\drivers\f\1\components\unicharutil.xpt
d:\windows\system32\drivers\f\1\components\update.xpt
d:\windows\system32\drivers\f\1\components\uriloader.xpt
d:\windows\system32\drivers\f\1\components\urlformatter.xpt
d:\windows\system32\drivers\f\1\components\webBrowser_core.xpt
d:\windows\system32\drivers\f\1\components\webbrowserpersist.xpt
d:\windows\system32\drivers\f\1\components\WebContentConverter.js
d:\windows\system32\drivers\f\1\components\webshell_idls.xpt
d:\windows\system32\drivers\f\1\components\widget.xpt
d:\windows\system32\drivers\f\1\components\windowds.xpt
d:\windows\system32\drivers\f\1\components\windowwatcher.xpt
d:\windows\system32\drivers\f\1\components\xml-rpc.xpt
d:\windows\system32\drivers\f\1\components\xpcom_base.xpt
d:\windows\system32\drivers\f\1\components\xpcom_components.xpt
d:\windows\system32\drivers\f\1\components\xpcom_ds.xpt
d:\windows\system32\drivers\f\1\components\xpcom_io.xpt
d:\windows\system32\drivers\f\1\components\xpcom_system.xpt
d:\windows\system32\drivers\f\1\components\xpcom_thread.xpt
d:\windows\system32\drivers\f\1\components\xpcom_xpti.xpt
d:\windows\system32\drivers\f\1\components\xpconnect.xpt
d:\windows\system32\drivers\f\1\components\xpinstall.xpt
d:\windows\system32\drivers\f\1\components\xulapp.xpt
d:\windows\system32\drivers\f\1\components\xulapp_setup.xpt
d:\windows\system32\drivers\f\1\components\xuldoc.xpt
d:\windows\system32\drivers\f\1\components\xultmpl.xpt
d:\windows\system32\drivers\f\1\components\zipwriter.xpt
d:\windows\system32\drivers\f\1\defaults\autoconfig\platform.js
d:\windows\system32\drivers\f\1\defaults\autoconfig\prefcalls.js
d:\windows\system32\drivers\f\1\defaults\pref\channel-prefs.js
d:\windows\system32\drivers\f\1\defaults\pref\firefox-branding.js
d:\windows\system32\drivers\f\1\defaults\pref\firefox-l10n.js
d:\windows\system32\drivers\f\1\defaults\pref\firefox.js
d:\windows\system32\drivers\f\1\defaults\pref\reporter.js
d:\windows\system32\drivers\f\1\defaults\pref\xulrunner.js
d:\windows\system32\drivers\f\1\defaults\profile\bookmarks.html
d:\windows\system32\drivers\f\1\defaults\profile\chrome\userChrome-example.css
d:\windows\system32\drivers\f\1\defaults\profile\chrome\userContent-example.css
d:\windows\system32\drivers\f\1\defaults\profile\localstore.rdf
d:\windows\system32\drivers\f\1\defaults\profile\mimeTypes.rdf
d:\windows\system32\drivers\f\1\defaults\profile\prefs.js
d:\windows\system32\drivers\f\1\defaults\profile\US\chrome\userChrome-example.css
d:\windows\system32\drivers\f\1\defaults\profile\US\chrome\userContent-example.css
d:\windows\system32\drivers\f\1\defaults\profile\US\localstore.rdf
d:\windows\system32\drivers\f\1\freebl3.chk
d:\windows\system32\drivers\f\1\freebl3.dll
d:\windows\system32\drivers\f\1\greprefs\all.js
d:\windows\system32\drivers\f\1\greprefs\security-prefs.js
d:\windows\system32\drivers\f\1\greprefs\xpinstall.js
d:\windows\system32\drivers\f\1\js3250.dll
d:\windows\system32\drivers\f\1\modules\debug.js
d:\windows\system32\drivers\f\1\modules\distribution.js
d:\windows\system32\drivers\f\1\modules\DownloadUtils.jsm
d:\windows\system32\drivers\f\1\modules\ISO8601DateUtils.jsm
d:\windows\system32\drivers\f\1\modules\JSON.jsm
d:\windows\system32\drivers\f\1\modules\Microformats.js
d:\windows\system32\drivers\f\1\modules\PluralForm.jsm
d:\windows\system32\drivers\f\1\modules\utils.js
d:\windows\system32\drivers\f\1\modules\XPCOMUtils.jsm
d:\windows\system32\drivers\f\1\mozcrt19.dll
d:\windows\system32\drivers\f\1\nspr4.dll
d:\windows\system32\drivers\f\1\nss3.dll
d:\windows\system32\drivers\f\1\nssckbi.dll
d:\windows\system32\drivers\f\1\nssdbm3.dll
d:\windows\system32\drivers\f\1\nssutil3.dll
d:\windows\system32\drivers\f\1\plc4.dll
d:\windows\system32\drivers\f\1\plds4.dll
d:\windows\system32\drivers\f\1\plugins\flashplayer.xpt
d:\windows\system32\drivers\f\1\plugins\npnul32.dll
d:\windows\system32\drivers\f\1\plugins\NPSWF32.dll
d:\windows\system32\drivers\f\1\res\arrow.gif
d:\windows\system32\drivers\f\1\res\arrowd.gif
d:\windows\system32\drivers\f\1\res\broken-image.gif
d:\windows\system32\drivers\f\1\res\charsetalias.properties
d:\windows\system32\drivers\f\1\res\charsetData.properties
d:\windows\system32\drivers\f\1\res\contenteditable.css
d:\windows\system32\drivers\f\1\res\designmode.css
d:\windows\system32\drivers\f\1\res\dtd\mathml.dtd
d:\windows\system32\drivers\f\1\res\dtd\xhtml11.dtd
d:\windows\system32\drivers\f\1\res\EditorOverride.css
d:\windows\system32\drivers\f\1\res\entityTables\html40Latin1.properties
d:\windows\system32\drivers\f\1\res\entityTables\html40Special.properties
d:\windows\system32\drivers\f\1\res\entityTables\html40Symbols.properties
d:\windows\system32\drivers\f\1\res\entityTables\htmlEntityVersions.properties
d:\windows\system32\drivers\f\1\res\entityTables\mathml20.properties
d:\windows\system32\drivers\f\1\res\entityTables\transliterate.properties
d:\windows\system32\drivers\f\1\res\fonts\mathfont.properties
d:\windows\system32\drivers\f\1\res\fonts\mathfontStandardSymbolsL.properties
d:\windows\system32\drivers\f\1\res\fonts\mathfontSTIXNonUnicode.properties
d:\windows\system32\drivers\f\1\res\fonts\mathfontSTIXSize1.properties
d:\windows\system32\drivers\f\1\res\fonts\mathfontSymbol.properties
d:\windows\system32\drivers\f\1\res\fonts\mathfontUnicode.properties
d:\windows\system32\drivers\f\1\res\forms.css
d:\windows\system32\drivers\f\1\res\grabber.gif
d:\windows\system32\drivers\f\1\res\hiddenWindow.html
d:\windows\system32\drivers\f\1\res\html.css
d:\windows\system32\drivers\f\1\res\html\folder.png
d:\windows\system32\drivers\f\1\res\html\Thumbs.db
d:\windows\system32\drivers\f\1\res\langGroups.properties
d:\windows\system32\drivers\f\1\res\language.properties
d:\windows\system32\drivers\f\1\res\loading-image.gif
d:\windows\system32\drivers\f\1\res\mathml.css
d:\windows\system32\drivers\f\1\res\quirk.css
d:\windows\system32\drivers\f\1\res\svg.css
d:\windows\system32\drivers\f\1\res\table-add-column-after-active.gif
d:\windows\system32\drivers\f\1\res\table-add-column-after-hover.gif
d:\windows\system32\drivers\f\1\res\table-add-column-after.gif
d:\windows\system32\drivers\f\1\res\table-add-column-before-active.gif
d:\windows\system32\drivers\f\1\res\table-add-column-before-hover.gif
d:\windows\system32\drivers\f\1\res\table-add-column-before.gif
d:\windows\system32\drivers\f\1\res\table-add-row-after-active.gif
d:\windows\system32\drivers\f\1\res\table-add-row-after-hover.gif
d:\windows\system32\drivers\f\1\res\table-add-row-after.gif
d:\windows\system32\drivers\f\1\res\table-add-row-before-active.gif
d:\windows\system32\drivers\f\1\res\table-add-row-before-hover.gif
d:\windows\system32\drivers\f\1\res\table-add-row-before.gif
d:\windows\system32\drivers\f\1\res\table-remove-column-active.gif
d:\windows\system32\drivers\f\1\res\table-remove-column-hover.gif
d:\windows\system32\drivers\f\1\res\table-remove-column.gif
d:\windows\system32\drivers\f\1\res\table-remove-row-active.gif
d:\windows\system32\drivers\f\1\res\table-remove-row-hover.gif
d:\windows\system32\drivers\f\1\res\table-remove-row.gif
d:\windows\system32\drivers\f\1\res\Thumbs.db
d:\windows\system32\drivers\f\1\res\ua.css
d:\windows\system32\drivers\f\1\res\viewsource.css
d:\windows\system32\drivers\f\1\res\wincharset.properties
d:\windows\system32\drivers\f\1\smime3.dll
d:\windows\system32\drivers\f\1\softokn3.chk
d:\windows\system32\drivers\f\1\softokn3.dll
d:\windows\system32\drivers\f\1\sqlite3.dll
d:\windows\system32\drivers\f\1\ssl3.dll
d:\windows\system32\drivers\f\1\xpcom.dll
d:\windows\system32\drivers\f\1\xul.dll
d:\windows\system32\drivers\f\jet.exe
d:\windows\system32\drivers\f\sfa.txt
d:\windows\system32\drivers\safesurf.exe
d:\windows\system32\drivers\skybound.gecko.dll
d:\windows\system32\drivers\surfguard.exe
d:\windows\system32\drivers\up.exe
d:\windows\system32\ico.ico
d:\windows\system32\system
d:\windows\system32\SYSTEM\svchost.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_Win_Updater
-------\Legacy_Win_Updater
-------\Service_Win_Updater
-------\Service_Win_Updater


((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.

2010-09-09 23:56 . 2010-09-09 23:56 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\Jasc
2010-09-09 23:55 . 2010-09-09 23:55 -------- d-----w- c:\program files\Jasc Software Inc
2010-09-07 14:18 . 2010-09-12 23:40 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-05 02:47 . 2010-09-05 02:51 -------- d-----w- d:\windows\system32\NtmsData
2010-08-31 13:16 . 2010-09-12 13:57 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\.minecraft
2010-08-30 17:56 . 2010-08-30 18:47 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-30 17:56 . 2010-08-30 17:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-28 04:54 . 2010-08-28 04:54 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-08-28 03:22 . 2010-08-30 00:02 -------- d-----w- d:\documents and settings\Casey Kline\Local Settings\Application Data\Fallout3
2010-08-28 03:09 . 2010-09-12 18:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Fallout3
2010-08-28 03:05 . 2010-08-28 03:05 -------- d-----w- d:\windows\system32\xlive
2010-08-28 03:01 . 2010-08-28 03:01 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2010-08-27 22:01 . 2010-08-27 22:01 -------- d-sh--w- d:\documents and settings\All Users\Application Data\SecuROM
2010-08-27 21:27 . 2010-08-27 21:27 -------- d-----w- c:\program files\2K Games
2010-08-27 00:51 . 2010-08-27 00:51 32272 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-24 18:35 . 2010-08-24 18:35 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-08-24 03:21 . 2010-08-24 03:21 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\ArtificialStudios
2010-08-24 03:17 . 2010-08-24 03:17 -------- d-----w- c:\program files\Artificial Studios
2010-08-23 03:01 . 2010-08-23 03:01 -------- d-----w- d:\documents and settings\Casey Kline\oni
2010-08-20 23:40 . 2010-08-23 03:21 -------- d-----w- c:\program files\Apophysis 2.0
2010-08-20 18:07 . 2010-09-07 17:52 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\Alien Skin
2010-08-20 17:34 . 2010-08-20 17:34 -------- d-----w- c:\program files\Alien Skin
2010-08-19 21:23 . 2010-08-19 21:24 -------- d-----w- d:\documents and settings\All Users\Application Data\NOMBZ Save Data
2010-08-19 20:37 . 2010-08-19 20:37 -------- d-----w- c:\program files\ReflexiveArcade
2010-08-19 18:55 . 2010-08-19 18:55 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\pdf995
2010-08-19 18:43 . 2010-08-19 21:13 59 ----a-w- d:\windows\wpd99.drv
2010-08-19 18:43 . 2010-08-19 21:13 -------- d-----w- d:\documents and settings\All Users\Application Data\pdf995
2010-08-19 18:43 . 2010-08-19 18:43 51716 ----a-w- d:\windows\system32\pdf995mon.dll
2010-08-19 18:43 . 2010-08-19 18:43 249856 ----a-w- d:\windows\system32\pdfmona.dll
2010-08-19 18:43 . 2010-08-19 18:53 -------- d-----w- c:\program files\pdf995
2010-08-16 14:52 . 2010-08-16 14:52 -------- d-----w- c:\program files\MSECache
2010-08-15 22:13 . 2010-08-15 22:13 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\URSE Games
2010-08-15 21:22 . 2010-08-15 21:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Trymedia
2010-08-15 16:02 . 2010-08-15 16:02 817664 ----a-w- d:\windows\system32\Help64.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 23:40 . 2010-06-30 15:44 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\Dropbox
2010-09-12 23:40 . 2010-06-21 23:29 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-09-12 23:10 . 2010-09-12 19:09 35 ----a-w- d:\windows\system32\drivers\auth.txt
2010-09-12 23:04 . 2010-06-21 02:58 1324 ----a-w- d:\windows\system32\d3d9caps.dat
2010-09-12 22:55 . 2010-06-22 00:32 -------- d-----w- c:\program files\PeerBlock
2010-09-12 19:09 . 2010-09-12 19:09 13528 ----a-w- d:\windows\system32\drivers\block.txt
2010-09-12 18:49 . 2010-09-10 20:05 312113 ----a-w- d:\windows\system32\drivers\log.txt
2010-09-12 18:16 . 2010-08-12 17:31 436792 ----a-w- d:\windows\system32\drivers\sptd.sys
2010-09-12 17:40 . 2010-06-21 02:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-11 21:21 . 2010-09-12 13:57 65024 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\bin\natives\jinput-dx8_64.dll
2010-09-11 21:21 . 2010-09-12 13:57 62464 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\bin\natives\jinput-raw_64.dll
2010-09-11 21:21 . 2010-09-12 13:57 61952 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\bin\natives\jinput-dx8.dll
2010-09-11 21:21 . 2010-09-12 13:57 59392 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\bin\natives\jinput-raw.dll
2010-09-11 21:21 . 2010-09-12 13:57 273920 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\bin\natives\lwjgl64.dll
2010-09-11 21:21 . 2010-09-12 13:57 195072 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\bin\natives\OpenAL64.dll
2010-09-11 21:21 . 2010-09-12 13:57 193024 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\bin\natives\lwjgl.dll
2010-09-11 21:21 . 2010-09-12 13:57 108032 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\bin\natives\OpenAL32.dll
2010-09-07 14:20 . 2010-08-12 18:05 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\runic games
2010-08-27 19:48 . 2010-06-21 12:38 -------- d-----w- c:\program files\Steam
2010-08-27 18:52 . 2010-07-25 20:20 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\Skype
2010-08-27 18:51 . 2010-07-25 20:20 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\skypePM
2010-08-25 18:48 . 2010-06-25 13:16 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-25 18:48 . 2010-06-21 14:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-25 18:31 . 2010-06-21 02:33 -------- d-----w- c:\program files\ESET
2010-08-23 03:15 . 2010-07-15 00:01 -------- d-----w- c:\program files\Replay Media Catcher
2010-08-23 03:14 . 2010-07-15 00:04 156672 ----a-w- d:\windows\system32\rmc_fixasf.exe
2010-08-23 03:13 . 2010-07-15 00:04 237568 ----a-w- d:\windows\system32\rmc_rtspdl.dll
2010-08-20 04:07 . 2010-06-30 02:29 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\vlc
2010-08-19 21:37 . 2010-06-21 02:41 32272 ----a-w- d:\documents and settings\Casey Kline\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-19 21:12 . 2010-06-25 23:53 1 ----a-w- d:\documents and settings\Casey Kline\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-12 17:48 . 2010-08-12 17:48 -------- d-----w- c:\program files\Alcohol Soft
2010-08-12 17:33 . 2010-08-10 18:30 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-11 02:12 . 2010-08-11 02:12 -------- d-----w- c:\program files\Common Files\Java
2010-08-11 02:12 . 2010-06-21 20:35 -------- d-----w- c:\program files\Java
2010-08-10 20:25 . 2010-08-10 20:25 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\Jumb-O-Fun Games
2010-08-10 20:19 . 2010-08-10 20:19 4096 ----a-w- d:\windows\d3dx.dat
2010-08-10 15:40 . 2010-08-10 15:40 -------- d-----w- c:\program files\3D Realms
2010-08-09 19:35 . 2010-08-22 23:52 75776 ----a-w- d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\CSWebLauncher@cyberstep.com\plugins\npCsWebLauncher.dll
2010-08-05 19:33 . 2010-08-05 19:33 -------- d-----w- c:\program files\GamersFirst
2010-08-05 19:21 . 2010-08-05 19:21 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\JAM Software
2010-08-05 19:21 . 2010-08-05 19:21 -------- d-----w- c:\program files\JAM Software
2010-08-05 06:41 . 2010-08-05 06:41 503808 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2351dcc9-n\msvcp71.dll
2010-08-05 06:41 . 2010-08-05 06:41 499712 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2351dcc9-n\jmc.dll
2010-08-05 06:41 . 2010-08-05 06:41 348160 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2351dcc9-n\msvcr71.dll
2010-08-05 06:40 . 2010-08-05 06:40 61440 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-526014b9-n\decora-sse.dll
2010-08-05 06:40 . 2010-08-05 06:40 12800 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-526014b9-n\decora-d3d.dll
2010-08-04 03:42 . 2010-08-04 03:42 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\AnvSoft
2010-08-04 03:42 . 2010-08-04 03:42 -------- d-----w- c:\program files\AnvSoft
2010-08-03 06:11 . 2010-08-31 13:26 65024 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\jinput-dx8_64.dll
2010-08-03 06:11 . 2010-08-31 13:26 62464 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\jinput-raw_64.dll
2010-08-03 06:11 . 2010-08-31 13:26 61952 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\jinput-dx8.dll
2010-08-03 06:11 . 2010-08-31 13:26 59392 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\jinput-raw.dll
2010-08-03 06:11 . 2010-08-31 13:26 273920 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\lwjgl64.dll
2010-08-03 06:11 . 2010-08-31 13:26 195072 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\OpenAL64.dll
2010-08-03 06:11 . 2010-08-31 13:26 193024 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\lwjgl.dll
2010-08-03 06:11 . 2010-08-31 13:26 108032 ----a-w- d:\documents and settings\Casey Kline\Application Data\.minecraft\.minecraft\bin\natives\OpenAL32.dll
2010-07-29 22:19 . 2010-06-25 13:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-28 02:09 . 2010-07-28 02:09 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-28 02:09 . 2010-07-28 02:09 85504 ----a-w- d:\documents and settings\Casey Kline\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-07-28 02:09 . 2010-07-28 02:09 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\SystemRequirementsLab
2010-07-25 20:20 . 2010-07-25 20:20 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2010-07-25 20:19 . 2010-07-25 20:19 -------- d-----r- c:\program files\Skype
2010-07-25 20:19 . 2010-07-25 20:19 -------- d-----w- c:\program files\Common Files\Skype
2010-07-25 20:19 . 2010-07-25 20:18 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype
2010-07-25 17:07 . 2010-07-25 17:07 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\Malwarebytes
2010-07-25 17:06 . 2010-07-25 17:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-25 17:06 . 2010-07-25 17:06 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-18 03:49 . 2010-07-18 03:43 -------- d-----w- d:\documents and settings\Casey Kline\Application Data\TeamViewer
2010-07-18 03:43 . 2010-07-18 03:43 -------- d-----w- c:\program files\TeamViewer
2010-07-17 09:00 . 2010-06-21 20:35 423656 ----a-w- d:\windows\system32\deployJava1.dll
2010-07-16 04:38 . 2010-07-16 04:38 392704 ----a-w- d:\windows\system32\ICH.exe
2010-07-15 00:03 . 2010-07-15 00:03 -------- d-----w- c:\program files\Applian Director
2010-06-30 20:16 . 2010-06-22 00:58 139110 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2010-06-30 15:44 . 2010-06-30 15:44 89831 ----a-w- d:\documents and settings\Casey Kline\Application Data\Dropbox\bin\Uninstall.exe
2010-06-30 12:31 . 2008-04-14 04:42 149504 ----a-w- d:\windows\system32\schannel.dll
2010-06-25 13:14 . 2010-06-25 13:15 151552 ----a-w- d:\windows\system32\nvRegDev.dll
2010-06-24 19:07 . 2010-06-24 19:07 0 ----a-w- d:\windows\popcreg.dat
2010-06-24 19:07 . 2010-06-24 19:07 0 ----a-w- d:\windows\popcinfot.dat
2010-06-24 12:22 . 2008-04-14 04:42 916480 ----a-w- d:\windows\system32\wininet.dll
2010-06-24 02:13 . 2010-06-22 19:10 639978 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2052111302-1979792683-1801674531-1003-0.dat
2010-06-23 13:44 . 2008-04-14 00:00 1851904 ----a-w- d:\windows\system32\win32k.sys
2010-06-22 02:20 . 2010-06-21 02:11 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-21 20:36 . 2010-06-21 20:36 503808 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f772ce5-n\msvcp71.dll
2010-06-21 20:36 . 2010-06-21 20:36 499712 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f772ce5-n\jmc.dll
2010-06-21 20:36 . 2010-06-21 20:36 348160 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f772ce5-n\msvcr71.dll
2010-06-21 20:35 . 2010-06-21 20:35 61440 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-426bf51c-n\decora-sse.dll
2010-06-21 20:35 . 2010-06-21 20:35 12800 ----a-w- d:\documents and settings\Casey Kline\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-426bf51c-n\decora-d3d.dll
2010-06-21 15:27 . 2008-04-13 23:45 354304 ----a-w- d:\windows\system32\drivers\srv.sys
2010-06-21 11:59 . 2010-06-21 11:59 0 ----a-w- d:\windows\ativpsrm.bin
2010-06-21 03:27 . 2010-06-21 03:27 53248 ----a-r- d:\documents and settings\Casey Kline\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-06-21 03:27 . 2010-06-21 03:27 16400 ----a-w- d:\windows\system32\drivers\LNonPnP.sys
2010-06-21 03:14 . 2009-05-05 13:58 13976 ----a-w- d:\windows\system32\drivers\videX32.sys
2010-06-21 02:56 . 2010-06-21 02:56 0 ----a-w- d:\windows\nsreg.dat
2010-06-21 02:08 . 2010-06-21 02:08 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2010-06-17 14:03 . 2008-04-14 04:41 80384 ----a-w- d:\windows\system32\iccvid.dll
2010-06-16 19:00 . 2010-06-22 19:41 3145920 -c--a-w- d:\documents and settings\All Users\Application Data\{18B9435B-CD3C-4E7E-A6EB-65605DCDDEC8}\Impulse_setup.exe
2010-06-16 18:56 . 2010-06-22 19:39 1119536 -c--a-w- d:\documents and settings\All Users\Application Data\{18B9435B-CD3C-4E7E-A6EB-65605DCDDEC8}\OFFLINE\86D01CB6\12FD35EB\impulse.dll
2010-06-16 18:55 . 2010-06-22 19:39 30000 -c--a-w- d:\documents and settings\All Users\Application Data\{18B9435B-CD3C-4E7E-A6EB-65605DCDDEC8}\OFFLINE\86D01CB6\757C30BC\SDSecurity.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- d:\windows\system32\Help64.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 817664
Created time: 2010-08-15 16:02
Modified time: 2010-08-15 16:02
MD5: 70F826D5CB3A88BC9C6B50CB870ADEA7
SHA1: D368A0126A5AEA5754046B23A8C17BB68B90D434


--- d:\windows\system32\ICH.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 392704
Created time: 2010-07-16 04:38
Modified time: 2010-07-16 04:38
MD5: 9E4DB8CEE901634E006D5AEDA05E7882
SHA1: BD39033D7CF6A2EB1C53D5D87A3DF35EC388428C

---- Directory of d:\documents and settings\casey kline\oni ----


---- Directory of d:\windows\system32\weber ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Casey Kline\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Casey Kline\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Casey Kline\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"AtiTrayTools"="c:\program files\Ray Adams\ATI Tray Tools\atitray.exe" [2010-01-31 882688]
"Google Update"="d:\documents and settings\Casey Kline\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-05 136176]
"Fraps"="c:\fraps\FRAPS.EXE" [2009-01-03 1203880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

d:\documents and settings\Casey Kline\Start Menu\Programs\Startup\
Dropbox.lnk - d:\documents and settings\Casey Kline\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2010-6-16 471040]
Shortcut to BWMonitor.lnk - c:\program files\BW Monitor\BWMonitor.exe [2010-6-20 224256]
Shortcut to taskmgr.lnk - d:\windows\system32\taskmgr.exe [2008-4-14 135680]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire Entrenchment.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire Diplomacy.exe"=
"d:\\Documents and Settings\\Casey Kline\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [8/12/2010 1:31 PM 436792]
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [11/25/2009 8:11 AM 19232]
R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]
R2 Akamai;Akamai NetSession Interface;d:\windows\System32\svchost.exe -k Akamai [4/14/2008 12:42 AM 14336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/11/2009 7:24 AM 735960]
R2 LBeepKE;Logitech Beep Suppression Driver;d:\windows\system32\drivers\LBeepKE.sys [6/20/2010 11:26 PM 10448]
R3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys [6/21/2010 8:03 AM 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 cpuz130;cpuz130;\??\d:\docume~1\CASEYK~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> d:\docume~1\CASEYK~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/21/2010 8:32 PM 14424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-09-12 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1979792683-1801674531-1003Core.job
- d:\documents and settings\Casey Kline\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-05 18:33]

2010-09-12 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1979792683-1801674531-1003UA.job
- d:\documents and settings\Casey Kline\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-05 18:33]
.
.
------- Supplementary Scan -------
.
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
FF - ProfilePath - d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\CSWebLauncher@cyberstep.com\plugins\npCsWebLauncher.dll
FF - plugin: d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\kos@dontblynk.com\platform\WINNT_x86-msvc\plugins\NPSting.dll
FF - plugin: d:\documents and settings\Casey Kline\Application Data\Mozilla\Firefox\Profiles\vfhp6q8h.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: d:\documents and settings\Casey Kline\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 19:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3746.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3746.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
d:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(2640)
d:\windows\system32\WININET.dll
c:\program files\Ray Adams\ATI Tray Tools\raphook.dll
d:\documents and settings\Casey Kline\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
d:\documents and settings\Casey Kline\Application Data\Dropbox\bin\DropboxExt.13.dll
d:\windows\system32\wpdshext.dll
d:\windows\system32\PortableDeviceApi.dll
d:\windows\system32\Audiodev.dll
d:\windows\system32\WMVCore.DLL
d:\windows\system32\WMASF.DLL
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\SOUNDMAN.EXE
c:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Windows Live\Contacts\wlcomm.exe
d:\windows\system32\SearchProtocolHost.exe
d:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-09-12 19:51:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-12 23:51

Pre-Run: 9,457,225,728 bytes free
Post-Run: 9,450,962,944 bytes free

- - End Of File - - 11626D7C75BC4CA2B17F69736C96A29E
 
and the thrilling conclusion, the oh so pain int eha ss to run cuz first tiem it took 48 hours to run.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, September 13, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, September 13, 2010 11:32:59
Records in database: 4213809
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 279312
Threats found: 2
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 03:52:49


File name / Threat / Threats count
D:\Qoobox\Quarantine\D\WINDOWS\system32\system\svchost.exe.vir Infected: Trojan-Downloader.Win32.Pher.gkp 1
D:\System Volume Information\_restore{4E58D58D-4C73-45A1-A9E8-7412EF0B5FC7}\RP100\A0010288.exe Infected: Trojan-Downloader.Win32.Pher.gkp 1
D:\System Volume Information\_restore{4E58D58D-4C73-45A1-A9E8-7412EF0B5FC7}\RP120\A0024686.exe Infected: Trojan-Downloader.Win32.Pher.gkp 1
D:\System Volume Information\_restore{4E58D58D-4C73-45A1-A9E8-7412EF0B5FC7}\RP125\A0025408.exe Infected: Trojan-Downloader.Win32.Pher.gkp 1
D:\System Volume Information\_restore{4E58D58D-4C73-45A1-A9E8-7412EF0B5FC7}\RP130\A0027134.exe Infected: Trojan-Downloader.Win32.Pher.gkp 1

Selected area has been scanned.


Had to post each individually beucase iw as getting oversized post warnings.
 
Hi,

Upload these files to http://wwww.virustotal.com and post back the results/links to the results:
d:\windows\system32\Help64.exe
d:\windows\system32\ICH.exe


Look for a zip file with name like [4]-Submit in d:\qoobox\quarantine. Upload to this website if found.

Kindly include a link to this topic in the message.
 
Good. Those both got a few hits but none from vendors I usually trust. I think we'll leave them alone.

Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis


Now lets uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok
  • Download and run Secunia Personal Software Inspector (PSI) and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
 
Yes, when is aw the VT results i thought "Those are some tweaked out untrusted AV's that are saying it's not clean". Before i do the securing part im going to reboot and see if Safe surf still loads at login, but it seems to not do anything since i now have it blocked via my ESET firewall.

And that Jetswap site needs to be added to the unsafe site listing at google.
 
You must log in or register to reply here.
Back
Top