Caught the redirect virus!! [Archive] - Safer-Networking Forums

View Full Version : Caught the redirect virus!!

LSJR71

2010-08-22, 01:27

It's 'redirecting' on all search sites (Google, Yahoo, Bing, etc.)...plus, I think it caused a couple "blue screen of deaths" to happen over the last 2 weeks. :confused:

Any help would be greatly appreciated. :beerbeerb:

--------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Larry at 17:58:02.16 on Sat 08/21/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2549.1672 [GMT -4:00]

SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Sunbelt Software CounterSpy 2.5.1032 *disabled* (Outdated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
C:\Windows\system32\Ati2evxx.exe
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Advanced SystemCare 3\AWC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\kmw_run.exe
C:\Program Files\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hot Corners\HotC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\KMW_SHOW.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRAM FILES\AD MUNCHER\ADMUNCH.EXE
C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE
C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Stardock\Object Desktop\Object Dock\ObjectDock.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\00-Downloads\00-Vista Fixes\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: asfppe2 Toolbar: {fea5c76b-e0e2-4a33-a78b-9d8a064eb867} - c:\program files\asfppe2\tbasfp.dll
uURLSearchHooks: H - No File
mURLSearchHooks: asfppe2 Toolbar: {fea5c76b-e0e2-4a33-a78b-9d8a064eb867} - c:\program files\asfppe2\tbasfp.dll
BHO: IE7pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\ie7pro\IE7pro.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Winamp Toolbar BHO: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Idea2 SidebarBrowserMonitor Class: {45ad732c-2ce2-4666-b366-b2214ad57a49} - c:\program files\desktop sidebar\sbhelp.dll
BHO: WebBlinds: {4f92b827-1e56-4e30-a978-a17a7861a606} - c:\progra~1\object~1\webbli~1\webblinds.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: asfppe2 Toolbar: {fea5c76b-e0e2-4a33-a78b-9d8a064eb867} - c:\program files\asfppe2\tbasfp.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: -{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No File
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: asfppe2 Toolbar: {fea5c76b-e0e2-4a33-a78b-9d8a064eb867} - c:\program files\asfppe2\tbasfp.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [SmartRAM] "c:\program files\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [Hot Corners] "c:\program files\hot corners\HotC.exe"
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [CursorXP] c:\program files\cursorxp\CursorXP.exe
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [kmw_run.exe] kmw_run.exe
mRun: [WinPatrol] c:\program files\winpatrol\winpatrol.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [SDTray] "c:\program files\spyware doctor\SDTrayApp.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Flashget] c:\program files\flashget\flashget.exe /min
mRun: [MSWheel]
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
uPolicies-explorer: AlwaysShowClassicMenu = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=H97F7136&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=H97F7136&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=H97F7136&id=menu_ie_link
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=H97F7136&id=menu_ie_exclude
IE: Download with GetRight
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=H97F7136&id=menu_ie_report
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {09EA1F80-F40A-11D1-B792-444553540001}
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\ie7pro\IE7pro.dll
IE: {09FE188B-6E85-479e-9411-51FB2220DF80} - {45AD732C-2CE2-4666-B366-B2214AD57A49} - c:\program files\desktop sidebar\sbhelp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\videoget\plugins\VideoGet_IE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: facebook.com\apps
Trusted Zone: kuaiche.com\software
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15030/CTSUEng.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://pcpitstop.com/mhLbl.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
SEH: {16664848-0E00-11D2-8059-000000000000} - No File
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\larry\appdata\roaming\mozilla\firefox\profiles\xntpprha.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=9&q=
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.http - 72.9.104.5
FF - prefs.js: network.proxy.http_port - 81
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\users\larry\appdata\roaming\mozilla\firefox\profiles\xntpprha.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\larry\appdata\roaming\mozilla\firefox\profiles\xntpprha.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\larry\appdata\roaming\mozilla\firefox\profiles\xntpprha.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\users\larry\appdata\roaming\mozilla\firefox\profiles\xntpprha.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll
FF - component: c:\users\larry\appdata\roaming\mozilla\firefox\profiles\xntpprha.default\extensions\optout@dubfire.net\lib\winnt\ff3\AbineComponent.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\vlc\npvlc.dll
FF - plugin: c:\users\larry\appdata\roaming\mozilla\firefox\profiles\xntpprha.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\users\larry\appdata\roaming\mozilla\firefox\profiles\xntpprha.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\larry\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10); user_pref(general.useragent.extra.zencast, Creative ZENcast v2.00.07); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, Creative ZENcast v2.00.07);user_pref(general.useragent.extra.zencast, c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-8-16 38728]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-8-16 57672]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-8-16 82248]
R1 kmwnt;kmwnt;c:\windows\system32\drivers\kmwnt.sys [2007-4-2 152192]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-7-29 136632]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-8-12 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-7-29 41336]
R2 kmwsafe;kmwsafe;c:\windows\system32\drivers\kmwsafe.sys [2007-4-2 1408]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-12-13 18944]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-17 304464]
R2 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-21 1153368]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-3-6 5504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-17 20952]
R3 USBAV191;Instant VideoXpress;c:\windows\system32\drivers\USBAV191.SYS [2005-4-27 120128]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-2 9216]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\svcntaux.exe --> c:\program files\spyware doctor\svcntaux.exe [?]
S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\swdsvc.exe --> c:\program files\spyware doctor\swdsvc.exe [?]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [2010-2-26 30272]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]

=============== Created Last 30 ================

2010-08-21 20:33:02 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-20 16:51:11 0 d-----w- c:\program files\SyncBack
2010-08-18 00:00:25 0 d--h--w- C:\$AVG
2010-08-17 23:45:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 23:45:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 23:33:32 0 d-----w- c:\programdata\avg9
2010-08-17 23:10:25 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-17 22:45:24 0 d-----w- C:\renamedComboFix
2010-08-17 22:04:25 98816 ----a-w- c:\windows\sed.exe
2010-08-17 22:04:25 77312 ----a-w- c:\windows\MBR.exe
2010-08-17 22:04:25 256512 ----a-w- c:\windows\PEV.exe
2010-08-17 22:04:25 161792 ----a-w- c:\windows\SWREG.exe
2010-08-17 15:59:49 0 d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-16 20:47:10 0 d-----w- c:\program files\Hitman Pro
2010-08-16 18:00:56 0 d-----w- C:\NOD_upd
2010-08-16 17:30:54 0 d-----w- c:\windows\system32\drivers\Backup
2010-08-15 22:21:02 0 d-----w- c:\programdata\PopCap Games
2010-08-14 19:33:57 0 d-----w- c:\users\larry\appdata\roaming\Dream Aquarium
2010-08-14 19:33:38 0 d-----w- c:\program files\Dream Aquarium
2010-08-11 17:39:38 0 d-----w- c:\program files\Carbonite
2010-08-11 17:38:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-11 00:51:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware1.44
2010-08-03 18:40:26 379152 ----a-w- c:\windows\system32\temp.043
2010-08-03 18:40:25 77878 ----a-w- c:\windows\system32\temp.041
2010-08-03 18:40:25 30992 ----a-w- c:\windows\system32\temp.042
2010-08-03 18:40:25 295000 ----a-w- c:\windows\system32\temp.040
2010-08-03 18:40:18 0 d-----w- c:\program files\peds 2010
2010-07-30 00:13:59 0 d-----w- c:\users\larry\appdata\roaming\Photo Collage Screensaver
2010-07-30 00:13:56 0 d-----w- c:\program files\Photo Collage Screensaver
2010-07-30 00:08:36 0 d-----w- c:\program files\779Media
2010-07-29 17:55:12 30 ----a-w- c:\windows\wininit.ini
2010-07-29 17:31:26 41336 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2010-07-29 17:31:26 32608 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-07-29 17:31:26 136632 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-07-29 17:31:26 134512 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-07-29 17:31:26 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-07-28 17:13:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 19:19:41 0 d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-07-26 19:19:41 0 d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-07-26 19:19:41 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-07-23 20:08:12 0 d-----w- C:\b28948fea642898185d8e3

==================== Find3M ====================

2010-08-21 21:40:22 17700 ----a-w- c:\windows\TMP0001.TMP
2010-08-19 16:30:37 143 ----a-w- c:\program files\desktop.ini
2010-08-18 21:30:54 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-18 21:30:54 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-18 21:30:54 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-13 01:36:45 317 ----a-w- c:\users\larry\appdata\roaming\bbbconfig.dat
2010-07-21 16:32:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-06-08 16:48:52 207320 ---ha-w- c:\windows\system32\mlfcache.dat
2008-08-09 13:24:22 2401056 ----a-w- c:\program files\FastStone Capture.exe
2008-06-11 16:09:47 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:50:41 258 ----a-w- c:\program files\Shows Desktop.lnk
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2002-05-29 02:49:00 22016 ----a-w- c:\program files\Enable-Disable Screensaver.exe
2007-03-12 23:41:51 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-03-12 23:41:51 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-03-12 23:41:51 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-04-09 15:53:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007040220070409\index.dat
2007-04-16 15:32:21 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007040920070416\index.dat
2007-04-23 13:52:36 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007041620070423\index.dat
2007-04-23 21:51:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007042320070424\index.dat
2007-04-24 22:58:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007042420070425\index.dat
2007-04-25 15:58:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007042520070426\index.dat
2007-04-30 01:46:32 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007042920070430\index.dat
2007-05-01 15:58:55 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007050120070502\index.dat
2007-05-02 20:08:06 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007050220070503\index.dat
2007-05-03 15:23:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007050320070504\index.dat
2007-05-06 16:28:25 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007050620070507\index.dat
2007-05-12 16:53:44 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007051220070513\index.dat
2007-05-19 16:15:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007051920070520\index.dat
2007-05-23 07:11:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007052320070524\index.dat
2007-05-24 17:17:04 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007052420070525\index.dat
2007-05-27 16:57:50 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007052720070528\index.dat
2007-05-28 22:09:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007052820070529\index.dat
2007-06-01 15:24:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007060120070602\index.dat
2007-06-03 23:43:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007060320070604\index.dat
2007-06-06 16:14:59 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007060620070607\index.dat
2007-06-07 19:12:11 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007060720070608\index.dat
2007-06-08 22:48:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007060820070609\index.dat
2007-06-10 17:41:13 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007061020070611\index.dat
2007-06-11 18:38:50 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007061120070612\index.dat
2007-06-13 21:35:16 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007061320070614\index.dat
2007-06-14 23:50:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007061420070615\index.dat
2007-06-22 17:56:36 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007062220070623\index.dat
2007-06-26 01:26:47 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007062520070626\index.dat
2007-06-27 07:11:32 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007062720070628\index.dat
2007-06-29 22:05:30 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007062920070630\index.dat
2007-07-05 16:03:39 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007070520070706\index.dat
2007-07-06 20:49:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007070620070707\index.dat
2007-07-11 07:14:50 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007071120070712\index.dat
2007-07-12 20:16:56 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007071220070713\index.dat
2007-07-16 21:39:54 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007071620070717\index.dat
2007-07-19 20:42:04 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007071920070720\index.dat
2007-07-21 23:58:16 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007072120070722\index.dat
2007-07-31 16:16:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007073120070801\index.dat
2007-08-02 18:27:06 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007080220070803\index.dat
2007-08-03 23:02:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007080320070804\index.dat
2007-08-04 16:44:07 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007080420070805\index.dat
2007-08-08 21:40:47 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007080820070809\index.dat
2007-08-09 21:06:13 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007080920070810\index.dat
2007-08-10 18:04:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007081020070811\index.dat
2007-08-12 00:06:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007081120070812\index.dat
2007-08-15 07:18:39 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007081520070816\index.dat
2007-08-16 17:34:41 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007081620070817\index.dat
2007-08-17 15:33:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007081720070818\index.dat
2007-08-22 18:32:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007082220070823\index.dat
2007-08-29 07:15:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007082920070830\index.dat
2007-08-30 07:16:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007083020070831\index.dat

============= FINISH: 18:00:47.08 ===============

Blade81

2010-08-26, 22:43

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).

After that:

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

LSJR71

2010-08-27, 01:45

First off, I think it's fixed so...THANK YOU!! :bigthumb:

But just in case there are any other problems, here are my reports:

I stopped Spyware Doctor, but it kept saying it was running. :confused:

----------------

ComboFix 10-08-26.02 - Larry 08/26/2010 16:38:00.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2549.1742 [GMT -4:00]
Running from: c:\00-downloads\00-Vista Fixes\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Sunbelt Software CounterSpy 2.5.1032 *disabled* (Outdated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf
.
---- Previous Run -------
.
C:\desktop.ini
c:\program files\Common\VsoVprev.ax
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\users\Larry\AppData\Roaming\149f7bec.exe
c:\users\Larry\AppData\Roaming\ACD Systems\ACDSee\ImageDB.ddf
c:\users\Larry\AppData\Roaming\BITS\BITS.ini
c:\users\Larry\AppData\Roaming\BITS\DHTTable.dat
c:\users\Larry\AppData\Roaming\BITS\ProxyList.ini
c:\users\Larry\AppData\Roaming\gidle.exe
c:\users\Larry\AppData\Roaming\inst.exe
c:\windows\11134.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\Setup.exe
c:\windows\system32\ernel32.dll
c:\windows\system32\Icons\Aqua Glass Folders - Icon 17.png
c:\windows\system32\Icons\Aqua Glass Folders - Icon 18.png
c:\windows\system32\Icons\Aqua Glass Folders - Icon 52.png
c:\windows\system32\Icons\Aqua Glass\0.ico
c:\windows\system32\Icons\Aqua Glass\1.ico
c:\windows\system32\Icons\Aqua Glass\10.ico
c:\windows\system32\Icons\Aqua Glass\11.ico
c:\windows\system32\Icons\Aqua Glass\12.ico
c:\windows\system32\Icons\Aqua Glass\13.ico
c:\windows\system32\Icons\Aqua Glass\14.ico
c:\windows\system32\Icons\Aqua Glass\15.ico
c:\windows\system32\Icons\Aqua Glass\16.ico
c:\windows\system32\Icons\Aqua Glass\17.ico
c:\windows\system32\Icons\Aqua Glass\18.ico
c:\windows\system32\Icons\Aqua Glass\19.ico
c:\windows\system32\Icons\Aqua Glass\2.ico
c:\windows\system32\Icons\Aqua Glass\20.ico
c:\windows\system32\Icons\Aqua Glass\21.ico
c:\windows\system32\Icons\Aqua Glass\22.ico
c:\windows\system32\Icons\Aqua Glass\23.ico
c:\windows\system32\Icons\Aqua Glass\24.ico
c:\windows\system32\Icons\Aqua Glass\25.ico
c:\windows\system32\Icons\Aqua Glass\26.ico
c:\windows\system32\Icons\Aqua Glass\27.ico
c:\windows\system32\Icons\Aqua Glass\28.ico
c:\windows\system32\Icons\Aqua Glass\29.ico
c:\windows\system32\Icons\Aqua Glass\3.ico
c:\windows\system32\Icons\Aqua Glass\30.ico
c:\windows\system32\Icons\Aqua Glass\31.ico
c:\windows\system32\Icons\Aqua Glass\32.ico
c:\windows\system32\Icons\Aqua Glass\33.ico
c:\windows\system32\Icons\Aqua Glass\34.ico
c:\windows\system32\Icons\Aqua Glass\35.ico
c:\windows\system32\Icons\Aqua Glass\36.ico
c:\windows\system32\Icons\Aqua Glass\37.ico
c:\windows\system32\Icons\Aqua Glass\38.ico
c:\windows\system32\Icons\Aqua Glass\39.ico
c:\windows\system32\Icons\Aqua Glass\4.ico
c:\windows\system32\Icons\Aqua Glass\40.ico
c:\windows\system32\Icons\Aqua Glass\41.ico
c:\windows\system32\Icons\Aqua Glass\42.ico
c:\windows\system32\Icons\Aqua Glass\43.ico
c:\windows\system32\Icons\Aqua Glass\44.ico
c:\windows\system32\Icons\Aqua Glass\45.ico
c:\windows\system32\Icons\Aqua Glass\46.ico
c:\windows\system32\Icons\Aqua Glass\47.ico
c:\windows\system32\Icons\Aqua Glass\48.ico
c:\windows\system32\Icons\Aqua Glass\49.ico
c:\windows\system32\Icons\Aqua Glass\5.ico
c:\windows\system32\Icons\Aqua Glass\50.ico
c:\windows\system32\Icons\Aqua Glass\51.ico
c:\windows\system32\Icons\Aqua Glass\52.ico
c:\windows\system32\Icons\Aqua Glass\53.ico
c:\windows\system32\Icons\Aqua Glass\54.ico
c:\windows\system32\Icons\Aqua Glass\55.ico
c:\windows\system32\Icons\Aqua Glass\56.ico
c:\windows\system32\Icons\Aqua Glass\57.ico
c:\windows\system32\Icons\Aqua Glass\58.ico
c:\windows\system32\Icons\Aqua Glass\59.ico
c:\windows\system32\Icons\Aqua Glass\6.ico
c:\windows\system32\Icons\Aqua Glass\60.ico
c:\windows\system32\Icons\Aqua Glass\61.ico
c:\windows\system32\Icons\Aqua Glass\62.ico
c:\windows\system32\Icons\Aqua Glass\63.ico
c:\windows\system32\Icons\Aqua Glass\64.ico
c:\windows\system32\Icons\Aqua Glass\65.ico
c:\windows\system32\Icons\Aqua Glass\66.ico
c:\windows\system32\Icons\Aqua Glass\67.ico
c:\windows\system32\Icons\Aqua Glass\68.ico
c:\windows\system32\Icons\Aqua Glass\69.ico
c:\windows\system32\Icons\Aqua Glass\7.ico
c:\windows\system32\Icons\Aqua Glass\70.ico
c:\windows\system32\Icons\Aqua Glass\71.ico
c:\windows\system32\Icons\Aqua Glass\72.ico
c:\windows\system32\Icons\Aqua Glass\73.ico
c:\windows\system32\Icons\Aqua Glass\74.ico
c:\windows\system32\Icons\Aqua Glass\75.ico
c:\windows\system32\Icons\Aqua Glass\76.ico
c:\windows\system32\Icons\Aqua Glass\77.ico
c:\windows\system32\Icons\Aqua Glass\78.ico
c:\windows\system32\Icons\Aqua Glass\79.ico
c:\windows\system32\Icons\Aqua Glass\8.ico
c:\windows\system32\Icons\Aqua Glass\80.ico
c:\windows\system32\Icons\Aqua Glass\81.ico
c:\windows\system32\Icons\Aqua Glass\9.ico
c:\windows\system32\Icons\Aqua Glass\Backup\1.ico
c:\windows\system32\Icons\Aqua Glass\Backup\14.ico
c:\windows\system32\Icons\Aqua Glass\Backup\22.ico
c:\windows\system32\Icons\Aqua Glass\Backup\23.ico
c:\windows\system32\Icons\Aqua Glass\Backup\26.ico
c:\windows\system32\Icons\Aqua Glass\Backup\27.ico
c:\windows\system32\Icons\Aqua Glass\Backup\28.ico
c:\windows\system32\Icons\Aqua Glass\Backup\3.ico
c:\windows\system32\Icons\Aqua Glass\Backup\36.ico
c:\windows\system32\Icons\Aqua Glass\Backup\51.ico
c:\windows\system32\Icons\Aqua Glass\Backup\52.ico
c:\windows\system32\Icons\Aqua Glass\Backup\57.ico
c:\windows\system32\Icons\Aqua Glass\Backup\6.ico
c:\windows\system32\Icons\Aqua Glass\Backup\7.ico
c:\windows\system32\Icons\AquaGlass16.png
c:\windows\system32\Icons\avantbrowser_2_04.png
c:\windows\system32\Icons\Black glass\black-bitmap.ico
c:\windows\system32\Icons\Black glass\black-gif.ico
c:\windows\system32\Icons\Black glass\black-jpg.ico
c:\windows\system32\Icons\Black glass\black-mpeg.ico
c:\windows\system32\Icons\Black glass\black-rar.ico
c:\windows\system32\Icons\Black glass\black-shortcut.ico
c:\windows\system32\Icons\Black glass\black-shortcut.png
c:\windows\system32\Icons\Black glass\black-sound.ico
c:\windows\system32\Icons\Black glass\black-zip.ico
c:\windows\system32\Icons\CMS-Indemnity-OD-B-calc.png
c:\windows\system32\Icons\CMS-Indemnity-OD-B-Checkbook.png
c:\windows\system32\Icons\CMS-Indemnity-OD-B-msWord.png
c:\windows\system32\Icons\CMS-Indemnity-OD-B-TrillianChat.png
c:\windows\system32\Icons\HFN Notepad B.png
c:\windows\system32\Icons\iChat AV.png
c:\windows\system32\Icons\Icon3RAR.png
c:\windows\system32\Icons\Icon3RAR16.png
c:\windows\system32\Icons\KaZaA Lite.png
c:\windows\system32\Icons\LaST (ObjectDock)\BootSkins Icon.png
c:\windows\system32\Icons\LaST (ObjectDock)\Component Tray.png
c:\windows\system32\Icons\LaST (ObjectDock)\IconDeveloper.png
c:\windows\system32\Icons\LaST (ObjectDock)\IconExplorer.png
c:\windows\system32\Icons\LaST (ObjectDock)\IconPackager.png
c:\windows\system32\Icons\LaST (ObjectDock)\Keyboard Launchpad.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Announcement).png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Acrobat.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Applications.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Books.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Briefcase.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) CD-R.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) CD-RW.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) CD.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Chat.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Control Panel.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Customize.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Delete.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Desktop.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) DOS Application.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) DVD.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) E-Mail.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Excel.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) External CD.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) External Drive.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Favorites Folder.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Favorites.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Find.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Floppy.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Folder.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Fonts Folders.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Help.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Home Folder.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Home.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) iDisk.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) INF-INI File.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Info Folder.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Internal Disk.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Internet File.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Internet.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Library Folder.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Lock & Gear.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Movies Folder.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Movies.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) MP3 File.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Music CD.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Music Folder.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Music.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) My Computer.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) My Network.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Network Services.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) OD Clock.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Open Folder.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Outlook.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) PDF File.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Pictures Folder.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Pictures.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Playlist.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Powerpoint.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Printers.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) PSD File.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Quicktime File.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Quicktime.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Recent Docunents.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Removable.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) RTF File.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Run.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Scanners & Cammeras.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Settings - Printers.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Sound App.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Sound Folders.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) System Folder.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Text File.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) TIFF File.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Trash Full.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Trash.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Users Folder.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Video File.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) WAV File.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Web Folder.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) WMP.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) WMV File.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Word File.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Word.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Cobalt) Zip Folder.png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST (Graphs).png
c:\windows\system32\Icons\LaST (ObjectDock)\LaST Config OD.png
c:\windows\system32\Icons\LaST (ObjectDock)\ObjectMedia.png
c:\windows\system32\Icons\LaST (ObjectDock)\Settings.png
c:\windows\system32\Icons\LaST (ObjectDock)\Skinstudio.png
c:\windows\system32\Icons\LaST (ObjectDock)\Stardock Central.png
c:\windows\system32\Icons\LaST (ObjectDock)\Theme Manager.png
c:\windows\system32\Icons\LaST (ObjectDock)\WindowBlinds.png
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 01.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 02.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 03.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 04.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 05.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 06.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 07.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 08.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 09.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 10.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 11.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 12.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 13.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 14.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 15.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 16.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 17.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 18.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 19.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 20.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 21.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 22.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 23.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 24.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 25.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 26.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 27.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 28.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 29.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 30.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 31.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 32.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 33.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 34.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 35.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 36.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 37.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 38.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 39.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 40.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 41.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 42.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 43.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 44.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 45.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 46.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 47.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 48.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 49.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 50.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 51.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 52.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 53.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 54.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 55.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 56.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 57.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 58.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 59.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 60.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 61.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 62.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 63.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 64.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 65.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 66.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 67.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 68.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 69.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 70.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 71.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 72.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 73.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 74.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 75.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 76.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 77.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 78.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 79.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 80.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 81.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue Icon 82.ico
c:\windows\system32\Icons\miccheckinblue\mic check in blue.iconpackage
c:\windows\system32\Icons\NoteTabIcon\NoteTab.ico
c:\windows\system32\Icons\NoteTabIcon\NoteTab.png
c:\windows\system32\Icons\NoteTabIcon\ReadMe.txt
c:\windows\system32\Icons\NoteTabIcon\Thumbs.db
c:\windows\system32\Icons\Photocamara_256.png
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 01.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 02.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 03.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 04.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 05.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 06.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 07.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 08.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 09.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 10.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 11.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 12.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 13.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 14.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 15.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 16.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 17.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 18.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 19.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 20.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 21.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 22.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 23.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 24.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 25.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 26.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 27.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 28.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 29.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 30.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 31.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 32.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 33.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 34.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 35.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 36.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 37.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 38.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 39.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 40.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 41.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 42.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 43.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 44.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 45.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 46.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 47.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins Icon 48.ico
c:\windows\system32\Icons\Pittsburgh Penguins\Pittsburgh Penguins.iconpackage
c:\windows\system32\Icons\Polymer_icpk\Backup\Polymer_icpk Bitmap Image.ico
c:\windows\system32\Icons\Polymer_icpk\Backup\Polymer_icpk Control Panel.ico
c:\windows\system32\Icons\Polymer_icpk\Backup\Polymer_icpk GIF Image.ico
c:\windows\system32\Icons\Polymer_icpk\Backup\Polymer_icpk JPEG Image.ico
c:\windows\system32\Icons\Polymer_icpk\Backup\Polymer_icpk Movie Clip.ico
c:\windows\system32\Icons\Polymer_icpk\Backup\Polymer_icpk MS-DOS Application.ico
c:\windows\system32\Icons\Polymer_icpk\Backup\Polymer_icpk Zip File.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer logo.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk ActiveX Cache.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Administrative Tools.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Audio CD.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Bitmap Image.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk CD-ROM Drive.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Closed Folder.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Computer.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Configuration Settings.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Control Panel.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Default Document.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Default Icon.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Desktop.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Dial-Up Networking.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Documents.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Entire Network.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Favorites.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Find.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Floppy Drive (3.5).ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Floppy Drive (5.25).ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Fonts.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk GIF Image.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Hard Drive.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Help.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Internet Document.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk JPEG Image.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Media Clip.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk MIDI Sequence.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Movie Clip.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk MS-DOS Application.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk MS-DOS Batch File.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk My Computer.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk My Documents.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Network Drive (connected).ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Network Drive (offline).ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Network Neighborhood.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Open Folder.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Printers.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Program Group.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Programs.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk RAM Drive.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Recycle Bin (empty).ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Recycle Bin (full).ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Removable Drive.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Rich Text Format.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Run.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Scheduled Tasks.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Settings - Control Panel.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Settings - Printers.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Settings.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Sharing Overlay.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Shortcut Overlay.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Shut Down.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Subscriptions.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Text Document.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk The Internet.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Url History.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Video Clip.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Wave Sound.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Workgroup.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Write Document.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk Zip File.ico
c:\windows\system32\Icons\Polymer_icpk\Polymer_icpk.iptheme
c:\windows\system32\Icons\Polymer_icpk\readme.txt
c:\windows\system32\Icons\poof.png
c:\windows\system32\Icons\rar.ico
c:\windows\system32\Icons\system\audio_cd.png
c:\windows\system32\Icons\system\audiorec.png
c:\windows\system32\Icons\system\backup.png
c:\windows\system32\Icons\system\bildschirmlupe.png
c:\windows\system32\Icons\system\defrag.png
c:\windows\system32\Icons\system\desktop.png
c:\windows\system32\Icons\system\disk_clean.png
c:\windows\system32\Icons\system\dx_diag.png
c:\windows\system32\Icons\system\eigenedateien.png
c:\windows\system32\Icons\system\explorer.png
c:\windows\system32\Icons\system\movie_maker.png
c:\windows\system32\Icons\system\msconfig_v1.png
c:\windows\system32\Icons\system\msconfig_v2.png
c:\windows\system32\Icons\system\msconfig_v3.png
c:\windows\system32\Icons\system\my_computer_1.png
c:\windows\system32\Icons\system\my_computer_2.png
c:\windows\system32\Icons\system\read me.txt
c:\windows\system32\Icons\system\rechner.png
c:\windows\system32\Icons\system\regedit.png
c:\windows\system32\Icons\system\search.png
c:\windows\system32\Icons\system\system_exit.png
c:\windows\system32\Icons\system\system_reboot.png
c:\windows\system32\Icons\system\system_standby.png
c:\windows\system32\Icons\system\systemeinstellungen.png
c:\windows\system32\Icons\system\systeminformationen.png
c:\windows\system32\Icons\system\systemsteuerung.png
c:\windows\system32\Icons\system\systemwiederherstellung.png
c:\windows\system32\Icons\system\trash_v1.png
c:\windows\system32\Icons\system\trash_v1_full.png
c:\windows\system32\Icons\system\trash_v2.png
c:\windows\system32\Icons\system\trash_v2_full.png
c:\windows\system32\Icons\system\zeichentabelle.png
c:\windows\system32\Icons\system\zubeh”r.png
c:\windows\system32\Icons\tool_browser_avant.png
c:\windows\system32\Icons\tool_browser_opera.png
c:\windows\system32\Icons\tool_download.png
c:\windows\system32\Icons\tool_getright.png
c:\windows\system32\Icons\trillian_2_01.png
c:\windows\system32\Icons\xchat_01.png
c:\windows\system32\Icons\xnews-bonus.png
c:\windows\system32\NTVBSvcW.tlb
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat
c:\windows\system32\wpcap.dll
D:\autorun.inf

Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-26 20:51 . 2010-08-26 20:51 -------- d-----w- c:\users\Larry\AppData\Local\temp
2010-08-26 20:51 . 2010-08-26 20:51 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-08-17 15:59 . 2010-08-21 21:37 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-16 20:47 . 2010-08-17 19:59 -------- d-----w- c:\program files\Hitman Pro
2010-08-16 18:00 . 2010-08-16 18:01 -------- d-----w- C:\NOD_upd
2010-08-16 17:30 . 2010-08-16 17:33 -------- d-----w- c:\windows\system32\drivers\Backup
2010-08-15 22:21 . 2010-08-15 22:44 -------- d-----w- c:\programdata\PopCap Games
2010-08-14 19:33 . 2010-08-14 19:35 -------- d-----w- c:\users\Larry\AppData\Roaming\Dream Aquarium
2010-08-14 19:33 . 2010-08-17 20:03 -------- d-----w- c:\program files\Dream Aquarium
2010-08-13 22:28 . 2010-08-12 05:52 85464 ----a-w- c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-08-13 22:28 . 2010-08-12 05:52 38872 ----a-w- c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-08-11 17:39 . 2010-08-11 17:39 -------- d-----w- c:\program files\Carbonite
2010-08-11 17:38 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-11 00:51 . 2010-08-17 20:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1.44
2010-08-03 18:40 . 2010-08-25 19:55 -------- d-----w- c:\program files\peds 2010
2010-08-02 17:53 . 2010-07-23 21:22 43008 ----a-w- c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-02 17:53 . 2010-07-23 21:22 1496064 ----a-w- c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-02 17:53 . 2010-07-23 21:22 338944 ----a-w- c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-02 17:53 . 2010-07-23 21:22 346112 ----a-w- c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-30 00:13 . 2010-07-31 23:48 -------- d-----w- c:\users\Larry\AppData\Roaming\Photo Collage Screensaver
2010-07-30 00:13 . 2010-07-30 00:13 -------- d-----w- c:\program files\Photo Collage Screensaver
2010-07-30 00:08 . 2010-07-30 00:08 -------- d-----w- c:\program files\779Media
2010-07-29 17:31 . 2010-07-29 17:31 41336 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2010-07-29 17:31 . 2010-07-29 17:31 32608 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-07-29 17:31 . 2010-07-29 17:31 136632 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-07-29 17:31 . 2010-07-29 17:31 134512 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-07-29 17:31 . 2010-07-29 17:31 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-07-28 17:13 . 2010-08-17 23:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 20:36 . 2009-01-22 19:11 -------- d-----w- c:\program files\Advanced SystemCare 3
2010-08-26 20:35 . 2007-03-12 18:52 7304 ----a-w- c:\windows\TMP0001.TMP
2010-08-26 20:14 . 2010-06-15 21:45 -------- d-----w- c:\users\Larry\AppData\Roaming\Abine
2010-08-26 20:06 . 2007-05-10 00:04 -------- d-----w- c:\program files\BitTorrent
2010-08-25 17:48 . 2007-03-12 20:53 -------- d-----w- c:\users\Larry\AppData\Roaming\SlimBrowser
2010-08-25 15:51 . 2008-03-13 00:49 -------- d-----w- c:\users\Larry\AppData\Roaming\Vso
2010-08-21 21:34 . 2007-04-24 18:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-21 20:37 . 2010-08-21 20:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-21 19:52 . 2010-08-21 19:51 -------- d-----w- c:\program files\ERUNT
2010-08-20 23:22 . 2009-04-27 19:02 -------- d-----w- c:\program files\Ad Muncher
2010-08-20 16:51 . 2010-08-20 16:51 -------- d-----w- c:\program files\SyncBack
2010-08-19 16:21 . 2010-03-06 15:17 8268 ----a-w- c:\users\Larry\AppData\Local\d3d9caps.dat
2010-08-18 20:51 . 2010-08-17 23:33 -------- d-----w- c:\programdata\avg9
2010-08-18 01:52 . 2008-06-26 18:16 -------- d-----w- c:\program files\Playersonly.com Casino
2010-08-18 01:30 . 2007-08-30 22:46 -------- d-----w- c:\program files\Online TV Player 3
2010-08-18 00:00 . 2010-06-27 21:08 -------- d-----w- c:\program files\RollerCoaster Tycoon 2
2010-08-17 17:20 . 2009-04-29 16:52 -------- d-----w- c:\program files\AirHockey 3D
2010-08-17 17:20 . 2007-08-06 23:14 -------- d-----w- c:\program files\Alive Organizer
2010-08-16 20:13 . 2007-11-15 23:25 -------- d-----w- c:\program files\VideoGet
2010-08-13 01:36 . 2008-02-18 21:35 317 ----a-w- c:\users\Larry\AppData\Roaming\bbbconfig.dat
2010-08-13 01:26 . 2008-02-18 21:35 -------- d-----w- c:\users\Larry\AppData\Roaming\MysteryStudio
2010-08-11 17:40 . 2007-03-06 05:57 -------- d-----w- c:\program files\Common Files\Java
2010-08-11 17:38 . 2007-03-06 05:57 -------- d-----w- c:\program files\Java
2010-08-08 17:17 . 2008-02-25 19:44 -------- d-----w- c:\program files\Object Desktop
2010-08-08 17:17 . 2007-03-19 22:47 -------- d-----w- c:\program files\Common Files\Stardock
2010-08-05 21:16 . 2007-06-14 16:46 -------- d-----w- c:\program files\IsoBuster
2010-08-04 16:20 . 2007-03-14 16:02 -------- d-----w- c:\program files\PokerStars
2010-08-03 21:10 . 2007-12-28 19:27 -------- d-----w- c:\users\Larry\AppData\Roaming\Alien Skin
2010-07-26 20:55 . 2007-03-18 21:17 -------- d-----w- c:\program files\Vista Manager
2010-07-26 20:22 . 2009-08-03 20:24 -------- d-----w- c:\program files\Trojan Remover
2010-07-26 19:19 . 2010-07-26 19:19 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-07-26 19:19 . 2010-07-26 19:19 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-07-26 19:19 . 2010-07-26 19:19 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-07-26 18:39 . 2010-07-26 18:39 715152 ----a-w- c:\programdata\Simply Super Software\Trojan Remover\Data\trunins.exe
2010-07-25 16:59 . 2007-03-12 16:38 127016 ----a-w- c:\users\Larry\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-24 23:27 . 2007-04-06 17:29 -------- d-----w- c:\program files\Rainlendar2
2010-07-22 20:20 . 2008-03-13 16:49 -------- d-----w- c:\program files\ESET
2010-07-22 20:01 . 2010-07-21 18:49 -------- d-----w- c:\programdata\Norton
2010-07-22 19:58 . 2010-07-21 18:47 -------- d-----w- c:\programdata\NortonInstaller
2010-07-21 21:30 . 2010-08-20 23:24 421888 ----a-w- c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2010-07-21 17:19 . 2007-08-08 16:02 -------- d-----w- c:\program files\Creative
2010-07-21 17:11 . 2007-08-08 17:15 -------- d-----w- c:\programdata\Creative
2010-07-21 16:32 . 2010-07-21 16:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-07-20 22:30 . 2010-07-20 22:27 -------- d-----w- c:\users\Larry\AppData\Roaming\gPhotoShow
2010-07-20 22:14 . 2010-07-20 21:50 -------- d-----w- c:\program files\gPhotoShow
2010-07-18 19:20 . 2010-07-18 16:09 -------- d-----w- c:\programdata\NOS
2010-07-16 18:01 . 2010-07-16 18:01 -------- d-----w- c:\program files\Video to GIF
2010-07-11 23:05 . 2010-06-20 18:32 -------- d-----w- c:\program files\FlashGet
2010-07-11 17:43 . 2007-03-28 21:29 -------- d-----w- c:\program files\RapidUploader
2010-07-09 23:43 . 2010-07-09 23:43 -------- d-----w- c:\program files\GraphicsGale
2010-06-29 23:18 . 2010-08-19 20:33 225416 ----a-w- c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll
2010-06-27 21:10 . 2007-06-24 19:45 -------- d-----w- c:\programdata\Trymedia
2010-06-22 15:58 . 2010-06-24 17:06 90112 ----a-w- c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\entbcompose.dll
2010-06-22 15:58 . 2010-06-24 17:06 241664 ----a-w- c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enclip.dll
2010-06-22 15:58 . 2010-06-24 17:06 114688 ----a-w- c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\ENImaDLL.dll
2010-06-22 15:58 . 2010-06-24 17:06 167936 ----a-w- c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
2010-06-11 23:58 . 2009-06-21 00:12 188152 ----a-w- c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\FlashGot.exe
2010-06-08 16:48 . 2010-03-01 21:12 207320 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-08 16:32 . 2010-06-08 16:32 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2008-08-09 13:24 . 2009-02-13 22:13 2401056 ----a-w- c:\program files\FastStone Capture.exe
2006-11-02 12:50 . 2007-03-12 16:35 258 ----a-w- c:\program files\Shows Desktop.lnk
2002-05-29 02:49 . 2009-07-01 22:15 22016 ----a-w- c:\program files\Enable-Disable Screensaver.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fea5c76b-e0e2-4a33-a78b-9d8a064eb867}"= "c:\program files\asfppe2\tbasfp.dll" [2008-07-28 1606680]

[HKEY_CLASSES_ROOT\clsid\{fea5c76b-e0e2-4a33-a78b-9d8a064eb867}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fea5c76b-e0e2-4a33-a78b-9d8a064eb867}]
2008-07-28 01:11 1606680 ----a-w- c:\program files\asfppe2\tbasfp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fea5c76b-e0e2-4a33-a78b-9d8a064eb867}"= "c:\program files\asfppe2\tbasfp.dll" [2008-07-28 1606680]

[HKEY_CLASSES_ROOT\clsid\{fea5c76b-e0e2-4a33-a78b-9d8a064eb867}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files\Advanced SystemCare 3\Sup_SmartRAM.exe" [2008-11-06 202256]
"Hot Corners"="c:\program files\Hot Corners\HotC.exe" [2009-09-18 135168]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 140288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-16 151552]
"kmw_run.exe"="kmw_run.exe" [2006-08-03 106496]
"WinPatrol"="c:\program files\WinPatrol\winpatrol.exe" [2007-04-19 271936]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-08-22 1306624]
"SDTray"="c:\program files\Spyware Doctor\SDTrayApp.exe" [BU]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-02-13 409600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-06-19 1986608]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-6-25 267520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AlwaysShowClassicMenu"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-11-12 14:19 270640 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BigFix"="c:\program files\Bigfix\bigfix.exe" /atstartup
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe"
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
"iKeyWorks"=c:\progra~1\A4Tech\Keyboard\Ikeymain.exe
"HPAIO_PrintFolderMgr"=c:\windows\system32\spool\DRIVERS\W32X86\hpoopm07.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1663965171-1754205722-1191958859-1001]
"EnableNotificationsRef"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1663965171-1754205722-1191958859-500]
"EnableNotificationsRef"=dword:00000002

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-26 c:\windows\Tasks\AWC Startup.job
- c:\program files\Advanced SystemCare 3\AWC.exe [2009-01-22 17:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Download with GetRight
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: facebook.com\apps
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=9&q=
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.http - 72.9.104.5
FF - prefs.js: network.proxy.http_port - 81
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\VLC\npvlc.dll
FF - plugin: c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\xntpprha.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Larry\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10); user_pref(general.useragent.extra.zencast, Creative ZENcast v2.00.07); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, Creative ZENcast v2.00.07);user_pref(general.useragent.extra.zencast, c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{811FB681-61C2-4442-9C96-9F164F619ED7} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-MSWheel - (no file)
ShellExecuteHooks-{16664848-0E00-11D2-8059-000000000000} - (no file)
Notify-MCPClient - (no file)
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 16:51
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-26 16:58:19
ComboFix-quarantined-files.txt 2010-08-26 20:58

Pre-Run: 114,532,904,960 bytes free
Post-Run: 116,754,219,008 bytes free

- - End Of File - - 06A8B503E90CA438C4492918091C82D8

Blade81

2010-08-27, 08:16

Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\program files\BitTorrent

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Uninstall old Adobe Reader versions and get the latest one with updates (9.3 and updates 9.3.2 & 9.3.3 & 9.3.4) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).

Uninstall these old Javas:
J2SE Runtime Environment 5.0 Update 6
Jasc Animation Shop 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6

Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Blade81

2010-09-02, 17:16

Are you still there?

LSJR71

2010-09-02, 22:59

Yes, I'm still here. I'm right in the middle of a fantasy football draft, that usually takes a week. As soon as it's over, I'll follow your advice...just in case something goes wrong.

Thanks for your help.

Blade81

2010-09-02, 23:45

Hi,

Since you'll still need that much time I'm going to close this topic. Feel free to create a new one with logs requested in Before You Post (http://forums.spybot.info/showthread.php?t=288) sticky when you have enough time to follow instructions without long breaks.