    #1 - Member (Join Date: Jan 2011, Posts: 8, Points: 0)

    Website redirected!!

    Hi,

    Please please help. Most of the time, when I click on an address in IE, it redirects to an advertisement. I tried CCleaner, Malwarebytes and Norton and it still does not remove it. I even reinstalled IE8. Please help. Thanks


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:18:11 AM, on 1/28/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...nAxControl.CAB
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/s.../SysProExe.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1266235465125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1266236943843
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 9061 bytes

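Added example, not from the thread or from the HijackThis tool: a small Python parser for the HijackThis log format posted above. It splits each Rx/Oxx entry into section code, CLSID, file path and URL, then flags the items the log itself labels for review (an unrecognised Winsock LSP, a registered MIME filter, an ActiveX download over plain http) plus any add-on or startup binary living outside Program Files or Windows. The sample lines are copied from the posted log, except one constructed O4 entry (`example.exe`) that exercises the location check; `TRUSTED_ROOTS` is an assumption about where legitimate add-ons live on this XP box.

```python
"""Parse HijackThis v2 log entries and flag the ones worth a second look."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the HijackThis log format. All lines are copied from the
# log posted above except the second O4 line, which is made up ("example.exe")
# to exercise the unusual-location check.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [example] C:\Documents and Settings\user\Application Data\example.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path ending in a binary extension; the lookahead stops "Ask.com"
# from being mistaken for a .com file in the middle of a longer path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:dll|exe|com|sys|ocx|cab)(?=$|[\s")])',
                     re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
FILTER_RE = re.compile(r"Filter hijack:\s*(\S+)")

# Assumption: where a legitimately installed IE add-on or startup binary on
# this XP box is expected to live; anything else gets a flag for manual review.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


@dataclass
class Entry:
    code: str                 # HijackThis section code, e.g. "O2"
    raw: str                  # text after "O2 - "
    clsid: Optional[str]      # COM class id, normalised to upper case
    path: Optional[str]       # first binary path found in the entry
    url: Optional[str]        # download URL (O16 DPF entries)
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Turn the Rx/Fx/Oxx lines of a HijackThis log into Entry records."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list and blank lines carry no entry
        code, raw = m.groups()
        clsid, path, url = (rx.search(raw) for rx in (CLSID_RE, PATH_RE, URL_RE))
        entries.append(Entry(code, raw,
                             clsid.group(0).upper() if clsid else None,
                             path.group(0) if path else None,
                             url.group(0) if url else None))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags using what HijackThis itself labels, plus a path check."""
    for e in entries:
        if e.code == "O10" and "unknown" in e.raw.lower():
            e.flags.append("Winsock LSP not recognised by HijackThis")
        fm = FILTER_RE.match(e.raw) if e.code == "O18" else None
        if fm:
            e.flags.append(f"MIME filter registered for {fm.group(1)}")
        if e.code == "O16" and e.url and e.url.lower().startswith("http://"):
            e.flags.append("ActiveX control downloaded over plain http")
        if (e.code in ("O2", "O3", "O4") and e.path
                and not e.path.lower().startswith(TRUSTED_ROOTS)):
            e.flags.append("binary outside Program Files / Windows")
    return [e for e in entries if e.flags]


def section_counts(entries: List[Entry]) -> dict:
    """How many entries each section code has, e.g. {'O2': 1, ...}."""
    counts: dict = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("sections:", section_counts(parsed))
    for e in triage(parsed):
        print(f"{e.code:>4} | {e.raw[:55]:<55} | {'; '.join(e.flags)}")
```

Run it against the full log above to get a per-section count and the short list of entries to look at first; a flag is a prompt for review, not a verdict.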
    #2 - Net_Surfer, Member (Join Date: May 2008, Location: Paradise Ca., Posts: 1,179, Points: 89, Blog Entries: 4)

    Hello Equate5 and Welcome to the Help2Go Spyware Help Forum

    Sorry for the delay!!

    My nick is Net_Surfer and I will be helping you with your malware issues; this may or may not solve other issues you may have with your machine.

    Please note that whatever repairs we make are for fixing "your computer problems only" and by no means should be used on another computer.

    I would also like to inform you that most of us here at Help2Go support forums offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!


    Please be patient and I'd be grateful if you would note the following:

    The cleaning process is not instant. Combofix, OTL and HijackThis logs can take some time to research. I use Google as a resource to research what the problem is, to understand some of the infections that are infecting the computer and where I need to focus more, to ensure that the member gets the best and honest service.

    So please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.


    1. Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
    2. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    3. Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. Never will there be an all in one solution for repairing an infected computer. You must have a great arsenal of utilities that can take care of what another program may miss or isn't as specialized as another.
    4. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
    5. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
    6. Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear. Just because you can't see a problem doesn't mean it isn't there.)

    If you can do these things, everything should go smoothly!

    OK. If you have a Vista computer, ensure that you right-click on the tools and run them as an Admin. If XP, double-click on the program to run them.

    Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
    Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

    Please carefully follow the next set of steps:


    If you cannot download and run the following tools, then I would like for you to try another approach:

    If you have the use of another computer please either use a Flash Drive or a CD to download the following and transfer them for use on the infected machine.
    Be sure you put them on the desktop of the infected computer.


    Step 1.

    * exeHelper by Raktor.

    Please download: exeHelper to your desktop.
    Double-click on exeHelper.com to run the fix.
    A black window should pop up, press any key to close once the fix is completed.
    Post the contents of exehelperlog.txt (it will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Step 2.

    * After running exeHelper ("without rebooting"), download and run Rkill and Malwarebytes, then do the ComboFix step, using these instructions:

    We need to use the RKill Tool by Grinler

    Rkill.com <--- Download site
    • Please Download Rkill.com. Save it to your Desktop.
    • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
    • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.
    • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
    • Please be patient while the program looks for various malware programs and ends them.
    • When it has finished, the black window will automatically close and you can continue with the next step.

    NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Antivirus Suite when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

    If you continue having problems running rkill.com, you can download:
    iExplore.exe or eXplorer.exe
    which are renamed copies of rkill.com, and try them instead.

    * If the tool does not run from any of the links, please tell me about it.

    Step 3.

    We should re-run MBAM like this:

    Let's get your Malwarebytes' Anti-Malware updated and run a final scan:

    Please update MBAM and run another scan:
    • Start MBAM.
    • Click on the Update tab.
    • Click Check for Updates.
    • If it says that MBAM needs to close to update, let it close and then restart.
    • Then click the Scan button.

    Don't forget:
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    Post the report that comes up after the scan.

    Step 4.

    We will use ComboFix to install the Microsoft Recovery Console for Windows XP.

    - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat.

    Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

    * Please visit this webpage for instructions for downloading and running ComboFix if you have problems running it:

    Please download ComboFix from one of the following mirrors, and save it to your desktop.
    Warning: This tool is not a toy and not for everyday use!
    Link 1
    Link 2
    Link 3
    • Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.
    • Please insert all USB drives before running ComboFix.
    • Close any open browsers.
    • Double click on ComboFix.exe on your desktop.
      If using Vista/Win7, right-click and Run as Administrator...
    • Read and accept (Press Yes) to the disclaimer.
    • Follow the prompts...And allow the installation of the Recovery Console!!! <--IMPORTANT
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
      Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
      **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

      Post the log from ComboFix in your next reply.


    *EXTRA NOTES*

    * If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    * If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    * If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Summary of the logs I will need in your next reply:
    • ExeHelper log.
    • Rkill log.
    • The Malwarebytes report log.
    • The ComboFix log.

    How are things at your end?


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

    Again, Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

    Kind regards
    Net_Surfer
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, kindly click here: Please Donate to the Forum


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!

    #3 - Member (Join Date: Jan 2011, Posts: 8, Points: 0)

    Hi Net_Surfer,

    First of all, thank you, and I appreciate your help. Here are the logs:

    exeHelper by Raktor
    Build 20100414
    Run at 22:24:11 on 01/28/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20100414
    Run at 22:29:05 on 01/28/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/28/2011 at 23:08:18.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 01/28/2011 at 23:08:43.

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Database version: 5633

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/29/2011 2:58:28 AM
    mbam-log-2011-01-29 (02-58-21).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 421201
    Time elapsed: 3 hour(s), 35 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\tyler.tyler-3fcdef477\my documents\LimeWire\Saved\malwarebytes anti-malware v1.50.1.1100 . serials [chattchitto rg]\malwarebytes anti-malware v1.50.1.1100 . serials [chattchitto rg].exe (Dont.Steal.Our.Software) -> No action taken.
    c:\documents and settings\tyler.tyler-3fcdef477\my documents\LimeWire\Saved\autocad\acad2011 (e)\Crack\xf-a2011-32bits\xf-a2011-32bits.exe (RiskWare.Tool.CK) -> No action taken.
    c:\documents and settings\tyler.tyler-3fcdef477\my documents\LimeWire\Saved\autocad\acad2011 (e)\Crack\xf-a2011-64bits\xf-a2011-64bits.exe (RiskWare.Tool.CK) -> No action taken.



    ComboFix 11-01-28.02 - Tyler 01/29/2011 9:24.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1453 [GMT -8:00]
    Running from: c:\documents and settings\Tyler.TYLER-3FCDEF477\Desktop\ComboFix.exe
    AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    ADS - system32: deleted 40 bytes in 1 streams.
    ADS - WINDOWS: deleted 72 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users.WINDOWS\VCREDI~3.EXE
    c:\documents and settings\Tyler.TYLER-3FCDEF477\Application Data\chrtmp
    c:\documents and settings\Tyler.TYLER-3FCDEF477\Application Data\inst.exe
    c:\documents and settings\Tyler\Application Data\inst.exe
    C:\sysmon

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
    .

    2011-01-29 07:10 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-29 07:10 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-27 06:54 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-01-26 05:43 . 2011-01-26 05:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
    2011-01-26 04:40 . 2011-01-26 04:40 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240BE.TMP
    2011-01-23 16:29 . 2011-01-23 16:29 -------- d-----w- C:\coupons
    2011-01-19 08:04 . 2011-01-19 08:04 -------- d-----w- c:\documents and settings\Tyler.TYLER-3FCDEF477\Local Settings\Application Data\Intuit
    2011-01-19 08:02 . 2011-01-19 08:02 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\IsolatedStorage
    2011-01-19 08:02 . 2011-01-19 08:02 -------- d-----w- c:\documents and settings\Tyler.TYLER-3FCDEF477\Application Data\Intuit
    2011-01-19 07:55 . 2011-01-19 07:55 -------- d-----w- c:\documents and settings\Tyler.TYLER-3FCDEF477\Local Settings\Application Data\IsolatedStorage
    2011-01-19 07:55 . 2011-01-19 08:01 -------- d-----w- c:\program files\Common Files\Intuit
    2011-01-19 07:54 . 2011-01-19 07:54 -------- d-----w- c:\program files\TurboTax
    2011-01-19 07:54 . 2011-01-19 07:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Intuit
    2011-01-17 16:31 . 2010-11-13 02:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-17 16:31 . 2010-11-13 02:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-01-14 10:40 . 2011-01-29 11:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2011-01-14 10:40 . 2011-01-15 07:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-08 13:31 . 2011-01-08 13:31 388096 ----a-r- c:\documents and settings\Tyler.TYLER-3FCDEF477\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-07 08:13 . 2011-01-07 08:17 -------- d-----w- C:\a4f9d3d1c87bb9b571862e6b99
    2011-01-02 05:51 . 2011-01-02 05:51 70144 --sha-r- c:\windows\system32\xpsp2resb.dll
    2010-12-31 06:48 . 2010-12-31 06:50 -------- d-----w- c:\program files\iTunes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12 . 2010-02-15 08:04 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-13 00:34 . 2010-03-31 13:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-09 14:52 . 2004-08-10 11:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 22:52 . 2010-11-02 22:52 1716297 ----a-w- c:\windows\system32\InetClnt.dll
    2010-11-02 22:52 . 2010-11-02 22:52 12 ----a-w- c:\windows\Fonts\wfonts.key
    2010-11-02 15:17 . 2004-08-10 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2008-03-09 14:25 . 2010-07-18 08:31 236 ----a-w- c:\program files\Common Files\dx.reg
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-05 00:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
    backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WN111v2 Smart Wizard.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Tyler.TYLER-3FCDEF477^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Tyler.TYLER-3FCDEF477\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2006-10-23 06:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 11:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 22:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2007-05-14 22:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2004-08-10 12:04 59392 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2003-12-22 16:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2003-08-05 01:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    2007-10-08 21:13 1101824 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    2007-10-08 21:18 995328 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-11-10 23:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
    2006-05-01 22:46 73728 ----a-w- c:\windows\system32\nvhotkey.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2006-05-01 22:46 1519616 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
    2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smp.exe]
    2009-01-11 19:06 767272 ----a-w- c:\program files\Pure Networks\Speed Meter Pro\smp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-02-16 05:50 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2006-03-08 19:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskMngr]
    2008-05-08 11:24 155648 ----a-w- c:\windows\system32\wscript.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
    2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YahooAUService"=2 (0x2)
    "wlidsvc"=2 (0x2)
    "NVSvc"=2 (0x2)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "gusvc"=3 (0x3)
    "gupdate"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "StarWindServiceAE"=2 (0x2)
    "ose"=3 (0x3)
    "NMIndexingService"=3 (0x3)
    "jswpsapi"=3 (0x3)
    "IntuitUpdateService"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "NAUpdate"=2 (0x2)
    "iPod Service"=3 (0x3)
    "idsvc"=3 (0x3)
    "EvtEng"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\NETGEAR\\WN111v2\\WN111V2.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\biSecurity.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\lclpeers.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\iexplore.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\localDHT.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\localseed.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\MemoryTest.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\pingserver.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\searchpeers.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\UpData.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\uService.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1038:TCP"= 1038:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/17/2010 10:52 PM 691696]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/15/2010 9:54 AM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/15/2010 9:54 AM 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/15/2010 9:54 AM 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110128.003\IDSXpx86.sys [1/28/2011 9:01 PM 341944]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 3:00 AM 14336]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2/15/2010 9:53 AM 117640]
    R2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\drivers\pnpcap.sys [3/6/2010 8:15 AM 23352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 4:30 AM 102448]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 3:45 PM 57440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/28/2011 11:10 PM 20952]
    R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [1/14/2009 1:23 AM 458752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/28/2011 11:10 PM 363344]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 4:51 PM 30963576]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 7:37 PM 4640000]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2010 9:50 PM 135664]
    S4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 10:54 AM 360547]
    S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [2/18/2010 2:01 PM 462632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
    2008-02-25 18:55 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-02-27 c:\windows\Tasks\expressripShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-02-20 16:25]

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:50]

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:50]

    2011-01-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-02-05 00:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    FF - ProfilePath - c:\documents and settings\Tyler.TYLER-3FCDEF477\Application Data\Mozilla\Firefox\Profiles\zk4pef5d.default\
    FF - prefs.js: browser.startup.homepage - yahoo.com
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Tyler.TYLER-3FCDEF477\Application Data\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
    MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
    MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
    MSConfigStartUp-CloneDVDElbyDelay - c:\program files\Elaborate Bytes\CloneDVD\ElbyCheck.exe
    MSConfigStartUp-DXDllRegExe - dxdllreg.exe
    MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
    MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    MSConfigStartUp-jkss - c:\program files\Common Files\Microsoft Shared\Web Components\jkss.exe
    MSConfigStartUp-jswtrayutil - c:\program files\NETGEAR\WN111v2\jswtrayutil.exe
    MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
    MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
    MSConfigStartUp-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    MSConfigStartUp-Tunebite - c:\program files\RapidSolution\Tunebite\Tunebite.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-01-29 09:48
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1547161642-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0889FA85-0E8C-C087-386E-64B00E68E4B3}*]
    "makafjgalopggjhikkpoelpljf"=hex:6f,61,64,6e,63,68,6e,69,70,6e,6b,61,6d,61,63,
    68,64,6d,6e,66,6d,61,61,68,67,64,65,6f,70,63,00,00
    "abpakjgeghlceolikklaijbmpjggcnopkn"=hex:69,61,61,65,67,64,6d,6e,67,6e,6e,6e,
    6c,64,62,6d,65,6a,00,00

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(332)
    c:\windows\system32\netprovcredman.dll

    - - - - - - - > 'explorer.exe'(1036)
    c:\windows\system32\WININET.dll
    c:\windows\system32\AcSignIcon.dll
    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\netprovcredman.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\acs.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\windows\system32\dllhost.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-29 09:56:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-29 17:56

    Pre-Run: 32,690,257,920 bytes free
    Post-Run: 32,962,555,904 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - 511A3B9C63067C3064D3198B8B146F20


    Thanks!
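Added example, not part of this thread and not code from ComboFix or any other tool named in it: a small Python triage script that reads a few of the sections from the ComboFix log above (the sample text below is constructed from lines copied out of that log), flags an msconfig startupreg entry whose image is a Windows script host, flags firewall AuthorizedApplications entries that point into a user profile or reuse a well-known Windows binary name there, and decodes the wrapped REG_BINARY `hex:` values under the locked registry key into text. The name lists and path markers are assumptions chosen for illustration; a flag means "an analyst should look at this", not "this is malware".

```python
import re
from typing import Dict, List

# Constructed sample input: lines copied from the ComboFix log posted in this
# thread (two msconfig startupreg entries, the firewall AuthorizedApplications
# list and the locked registry key with its wrapped hex: values).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskMngr]
2008-05-08 11:24 155648 ----a-w- c:\windows\system32\wscript.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\iexplore.exe"=
"c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\localDHT.exe"=

[HKEY_USERS\S-1-5-21-1547161642-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0889FA85-0E8C-C087-386E-64B00E68E4B3}*]
"makafjgalopggjhikkpoelpljf"=hex:6f,61,64,6e,63,68,6e,69,70,6e,6b,61,6d,61,63,
68,64,6d,6e,66,6d,61,61,68,67,64,65,6f,70,63,00,00
"abpakjgeghlceolikklaijbmpjggcnopkn"=hex:69,61,61,65,67,64,6d,6e,67,6e,6e,6e,
6c,64,62,6d,65,6a,00,00
"""

HEADER_RE = re.compile(r"^\[(.+)\]$")
# Assumed lists for illustration. A startup entry whose image is a script host
# runs whatever script is on its command line, which the log line does not show.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Well-known Windows binary names that do not belong under a user profile.
SYSTEM_BINARY_NAMES = {"iexplore.exe", "explorer.exe", "svchost.exe"}
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group a ComboFix-style dump into {registry key: [value lines]}.
    A line that neither starts with '"' nor follows a line ending in ','
    is a new value; otherwise it continues a wrapped hex: value."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            values = sections[current]
            if values and not line.startswith('"') and values[-1].endswith(","):
                values[-1] += line  # join wrapped hex: continuation line
            else:
                values.append(line)
    return sections


def flag_autostarts(sections: Dict[str, List[str]]) -> List[str]:
    """Flag msconfig startupreg entries whose image is a script host."""
    findings = []
    for header, values in sections.items():
        if "\\msconfig\\startupreg\\" not in header.lower():
            continue
        name = header.rsplit("\\", 1)[-1]
        for value in values:
            # "<date> <time> <size> <attrs> <path>": maxsplit keeps spaces in the path
            parts = value.split(" ", 4)
            path = parts[4] if len(parts) == 5 else value
            if path.lower().rsplit("\\", 1)[-1] in SCRIPT_HOSTS:
                findings.append(f"autostart '{name}' launches script host {path}")
    return findings


def flag_firewall_exceptions(sections: Dict[str, List[str]]) -> List[str]:
    """Flag firewall exceptions for programs living inside a user profile."""
    findings = []
    for header, values in sections.items():
        if not header.lower().endswith("\\authorizedapplications\\list"):
            continue
        for value in values:
            path = value.split("=", 1)[0].strip('"').replace("\\\\", "\\")
            low = path.lower()
            if any(marker in low for marker in USER_PROFILE_MARKERS):
                reason = "program inside a user profile is allowed through the firewall"
                base = low.rsplit("\\", 1)[-1]
                if base in SYSTEM_BINARY_NAMES:
                    reason += f"; name '{base}' mimics a Windows binary"
                findings.append(f"{path}: {reason}")
    return findings


def decode_hex_values(sections: Dict[str, List[str]]) -> Dict[str, str]:
    """Decode REG_BINARY 'hex:' values to text (trailing NULs dropped)."""
    decoded: Dict[str, str] = {}
    for values in sections.values():
        for value in values:
            if "=hex:" not in value:
                continue
            name, _, body = value.partition("=hex:")
            raw = bytes(int(b, 16) for b in body.split(",") if b)
            decoded[name.strip('"')] = raw.rstrip(b"\x00").decode("latin-1")
    return decoded


def triage(text: str) -> Dict[str, object]:
    sections = parse_sections(text)
    return {
        "autostarts": flag_autostarts(sections),
        "firewall": flag_firewall_exceptions(sections),
        "hex_values": decode_hex_values(sections),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in (items.items() if isinstance(items, dict) else items):
            print("  ", item)
```

Run against the constructed sample, the script reports the TaskMngr entry (wscript.exe), the two Application Data entries in the firewall list (one of them named iexplore.exe), and the two decoded strings, which turn out to be runs of lowercase letters rather than anything readable; that alone tells the analyst the key is worth the RegNull directive the helper later asks for.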

  4. #4
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4

    Default

    Hello again Equate5

    P2P (File Sharing) Warning!

    P2P file sharing: >>> Know the risks <<<


    Going over your logs I noticed that you have been using P2P programs!!!

    Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Ares, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

    Once upon a time, P2P file sharing was fairly safe. That is no longer true.
    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    There are some very good reasons for this, and they are for your protection:


    From a security standpoint, p2p forms a direct connection into your computer and circumvents or bypasses most security, Anti-Malware and firewall software or hardware.

    Any type of security on these programs is poor at best and non-existent on some; this could lead to Malware being downloaded into your computer without your knowledge.

    Additionally, in cases where the program has not been configured correctly, a lot more than your music files have finished up being shared with others.

    Passwords, PIN numbers, bank accounts, and other personal details have been harvested by the unscrupulous for their own gain at your expense.

    Have a read of the below article to see where that happened:

    Update: Seattle man arrested for p-to-p ID theft | InfoWorld | News | 2007-09-06 | By Robert McMillan, IDG News Service


    Are You Leaking Your "State Secrets" Over P2P?

    Peer-to-peer file sharing, or P2P, has become enormously popular because it allows users to easily exchange music and video files over the Internet. Tens of millions of people use P2P applications such as Limewire, eDonkey and BearShare to fill their MP3 players and hard drives with all the music and movies they want, all for free. But even "free" has a cost.

    In addition to violating copyright laws, there are other potential dangers when downloading files via P2P. For instance, hackers know that source files on P2P networks are not being validated, so it's easy to trick you into downloading a virus or spyware instead of the Justin Bieber video you thought you were getting.

    The other major issue is the simple fact that P2P programs share your data with all of the other P2P users in cyberspace. Because of this, there is a good chance you might unknowingly share your most precious and private data with the rest of the world. During installation P2P programs scan your hard drive, looking for files to share. If you do not exercise caution, your entire hard drive, including any confidential documents it may contain, could be left wide open for anyone to access. Think about the files you have on your PC right now. Are you storing documents that have your passwords, Social Security number, or bank account information? If you have P2P software on your PC, you could be targeted for identity theft.

    A criminal hacker can locate sensitive information on other P2P users' PCs by performing a quick search for a few keywords: "passwords," "taxes," "banking," etc. The search turns up documents that the hacker can download. It's that simple.

    Digging through P2P networks for my own research, I've uncovered tax returns, student loan applications, credit reports, and Social Security numbers. I've found love letters, private photos, videos, and just about anything else that can be saved as a digital file. P2P networks have even exposed details on a U.S. Secret Service safe house for the president and his family, and revealed blueprints for President Obama's private helicopter. While you probably don't have state secrets stored on your PC, you should still take care to keep your sensitive files safe.

    Here are some tips to protect you from accidentally sharing data on a P2P network:

    * The smartest way to stay safe is not to install P2P software on your computer in the first place
    * If you think a family member may have installed P2P software on their computer, check for new, unfamiliar applications. A look at your "All Programs Menu" will show nearly every program on your computer. If you see one you don't recognize, do an online search to see if it is a P2P application
    * Set administrative privileges on your computer to prevent the installation of new software without your knowledge
    * Use comprehensive security software such as McAfee® Total Protection and keep it up to date
    * Make sure your firewall is enabled, and if an application asks you to change your settings to enable access to the Internet, don't allow it

    To protect your identity, use McAfee Identity Protection which continually monitors your information and works to proactively protect you and will be there to assist you in the event that your identity is compromised.

    P2P file sharing can be tempting, but in most cases, the costly dangers just aren't worth it.

    Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

    It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


    Please carefully follow my next set of steps:

    I see you are running Teatimer.

    I suggest you disable it, because it can interfere with the changes you'll make on your system.
    When everything is done and your log is clean again, you can enable it again.

    If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
    How to disable TeaTimer <== click me for instructions.

    After I declare you clean of malware, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, right-click the link and choose "save as".)
    Double-click ResetTeaTimer.bat and let it run. This will only take a few seconds.

    Step 1.

    Files Infected:
    c:\documents and settings\tyler.tyler-3fcdef477\my documents\LimeWire\Saved\malwarebytes anti-malware v1.50.1.1100 . serials [chattchitto rg]\malwarebytes anti-malware v1.50.1.1100 . serials [chattchitto rg].exe (Dont.Steal.Our.Software) -> No action taken.
    c:\documents and settings\tyler.tyler-3fcdef477\my documents\LimeWire\Saved\autocad\acad2011 (e)\Crack\xf-a2011-32bits\xf-a2011-32bits.exe (RiskWare.Tool.CK) -> No action taken.
    c:\documents and settings\tyler.tyler-3fcdef477\my documents\LimeWire\Saved\autocad\acad2011 (e)\Crack\xf-a2011-64bits\xf-a2011-64bits.exe (RiskWare.Tool.CK) -> No action taken.
    There is no sense in running it if you are going to ignore everything it found.

    Your MBAM log shows "No action taken".
    This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile".
    Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal.
    Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
    After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.

    Step 2.

    Update Adobe Reader

    Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
    • Go to Start > Control Panel > Add/Remove Programs
    • Remove ALL instances of Adobe Reader
    • Re-boot your computer as required.
    • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader.


    Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >>here<<. Foxit Reader has fewer add-ons and therefore loads more quickly.

    NOTE: When installing Foxit Reader, be careful not to install anything to do with AskBar.
    ============
    Step 3.
    Re-run ComboFix with some additional directives.

    Complex Malware removal is to be performed by trained personnel, as they’re capable of doing a surgical cleanup without affecting other components of the Operating System.
    1. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
    2. If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    3. Make sure that combofix.exe that you downloaded is on your Desktop but do NOT run it!
      o *If it is not on your Desktop, the below will not work.
    4. Go to Start -> Run... and in the "Open:" box that opens type Notepad and press Enter (alternatively, navigate to Start -> Accessories -> Notepad).
    5. Copy the entire contents inside the CODE box below into Notepad (do NOT copy the word "CODE"!) - don't use any other text editor than Notepad or the script will fail.
      Code:
      KillAll::
      
      File::
      c:\windows\system32\xpsp2resb.dll
      Folder::
      C:\a4f9d3d1c87bb9b571862e6b99
      c:\windows\CD95F661A5C444F5A6AAECDD91C240BE.TMP
      RegNull::
      [HKEY_USERS\S-1-5-21-1547161642-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0889FA85-0E8C-C087-386E-64B00E68E4B3}*]
      Looking at the image below as an example:
    6. Go to File -> Save and save as CFScript.txt in the same location as ComboFix.exe.
    7. Close all applications and windows so that you have nothing open and are at your Desktop.
    8. Drag CFScript.txt on top of ComboFix.exe. (This will start ComboFix again). Please follow the prompts.
    9. When finished, ComboFix shall produce a log for you at C:\ComboFix.txt. Please post the entire contents of that report in your next reply for further review.
      NOTE: Do NOT mouseclick ComboFix's window whilst it's running. That may cause your system to hang!
      CAUTION!
      Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


    Step 4.

    • Download: >>> OTL by Old Timer <<< to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check

    • Now copy the lines below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      CREATERESTOREPOINT


    • Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


    • Click the Run Scan button.


    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

    =========

    Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    Summary of the logs I will need in your next reply:
    • The TWO report logs of OTL
    • The report log of ComboFix.

    And a description of any remaining problems.

    How are things at your end?


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

    Kind regards
    Net_Surfer
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!
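The /md5start ... /md5stop list in Step 4 above asks OTL to hash a fixed set of drivers and DLLs. The point of hashing by name rather than by path is that Windows keeps spare copies of most of these files (dllcache, ServicePackFiles\i386), and a driver that has been patched in place under system32\drivers usually no longer matches those spares, so the copy that differs is the one to look at. The script below is an added example, not OTL's code and not anything posted in this thread: it walks a directory standing in for %SystemRoot%, hashes every copy of each listed name and reports the names whose copies disagree. The directory layout, file bytes and function names in make_sample_tree() are constructed for the demo and are not taken from the logs in this thread.

```python
"""Hash every copy of a set of system files and flag names whose copies disagree.

Added example (not OTL's, ComboFix's or the forum's own code). The driver and
DLL names come from the /md5start block in the instructions above; everything
built in make_sample_tree() is constructed for the demo.
"""
import hashlib
import os
import tempfile
from collections import defaultdict

# Names taken from the /md5start ... /md5stop block in Step 4.
MD5_TARGETS = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll",
    "ntelogon.dll", "logevent.dll", "iaStor.sys", "nvstor.sys", "atapi.sys",
    "IdeChnDr.sys", "viasraid.sys", "AGP440.sys", "vaxscsi.sys", "nvatabus.sys",
    "viamraid.sys", "nvata.sys", "nvgts.sys", "iastorv.sys", "ViPrt.sys",
    "eNetHook.dll", "ahcix86.sys", "KR10N.sys", "nvstor32.sys", "ahcix86s.sys",
    "nvrd32.sys", "symmpi.sys", "adp3132.sys",
]


def md5_file(path, chunk=1 << 16):
    """MD5 of a file, streamed so a large driver need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(root, names):
    """Map each target name to every path under root, matching case-insensitively as NTFS does."""
    wanted = {n.lower(): n for n in names}
    copies = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                copies[wanted[fn.lower()]].append(os.path.join(dirpath, fn))
    return copies


def hash_report(root, names=MD5_TARGETS):
    """Return {name: {md5: [paths]}} for every listed file found under root."""
    report = {}
    for name, paths in find_copies(root, names).items():
        by_hash = defaultdict(list)
        for p in sorted(paths):
            by_hash[md5_file(p)].append(p)
        report[name] = dict(by_hash)
    return report


def mismatched(report):
    """Names whose copies do not all share one hash: the ones worth a closer look."""
    return sorted(n for n, by_hash in report.items() if len(by_hash) > 1)


def make_sample_tree(base):
    """Constructed stand-in for %SystemRoot%: one tampered driver, one clean one, one singleton."""
    good = b"MZ" + b"\x00" * 62 + b"clean driver image"
    layout = {
        ("system32", "drivers", "atapi.sys"): good[:-5] + b"PATCH",   # live copy altered
        ("system32", "dllcache", "atapi.sys"): good,                 # pristine spare
        ("ServicePackFiles", "i386", "atapi.sys"): good,             # second pristine spare
        ("system32", "drivers", "AGP440.sys"): b"MZ" + b"agp" * 20,
        ("system32", "dllcache", "agp440.sys"): b"MZ" + b"agp" * 20,  # same bytes, different case
        ("system32", "eventlog.dll"): b"MZ" + b"evt" * 30,           # single copy, nothing to compare
    }
    for parts, data in layout.items():
        path = os.path.join(base, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return base


def demo():
    """Build the sample tree, run the report, and return (flagged names, distinct hashes per name)."""
    with tempfile.TemporaryDirectory() as tmp:
        report = hash_report(make_sample_tree(tmp))
        flagged = mismatched(report)
        for name in flagged:
            for digest, paths in report[name].items():
                print(name, digest, paths)
        return flagged, {n: len(v) for n, v in report.items()}


if __name__ == "__main__":
    print(demo())
```

Agreement between copies is a lead, not a verdict: an attacker who patches the live driver can patch the spares too, so the hash of the copy actually loaded from system32\drivers still has to be checked against a known-good reference for that exact file version before a file is declared clean.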

  5. #5 Member | Join Date: Jan 2011 | Posts: 8

    Hi Net_Surfer,

    Sorry but there is no Resident under Tool for Spybot. What should I do? Thanks


    Equate

  6. #6 Net_Surfer (Member) | Join Date: May 2008 | Location: Paradise Ca. | Posts: 1,179

    Uninstall Spybot and after the fix I will let you know when you can install it back... but Malwarebytes and WinPatrol will do a better job than Spybot.

  7. #7 Member | Join Date: Jan 2011 | Posts: 8

    Here are the results.

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Database version: 5633

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/29/2011 10:35:59 PM
    mbam-log-2011-01-29 (22-35-59).txt

    Scan type: Quick scan
    Objects scanned: 217298
    Time elapsed: 10 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ComboFix 11-01-29.02 - Tyler 01/29/2011 23:44:57.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1465 [GMT -8:00]
    Running from: c:\documents and settings\Tyler.TYLER-3FCDEF477\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Tyler.TYLER-3FCDEF477\Desktop\CFScript.txt
    AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
    .

    2011-01-29 07:10 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-29 07:10 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-27 06:54 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-01-26 05:43 . 2011-01-26 05:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
    2011-01-26 04:40 . 2011-01-26 04:40 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240BE.TMP
    2011-01-23 16:29 . 2011-01-23 16:29 -------- d-----w- C:\coupons
    2011-01-19 08:04 . 2011-01-19 08:04 -------- d-----w- c:\documents and settings\Tyler.TYLER-3FCDEF477\Local Settings\Application Data\Intuit
    2011-01-19 08:02 . 2011-01-19 08:02 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\IsolatedStorage
    2011-01-19 08:02 . 2011-01-19 08:02 -------- d-----w- c:\documents and settings\Tyler.TYLER-3FCDEF477\Application Data\Intuit
    2011-01-19 07:55 . 2011-01-19 07:55 -------- d-----w- c:\documents and settings\Tyler.TYLER-3FCDEF477\Local Settings\Application Data\IsolatedStorage
    2011-01-19 07:55 . 2011-01-19 08:01 -------- d-----w- c:\program files\Common Files\Intuit
    2011-01-19 07:54 . 2011-01-19 07:54 -------- d-----w- c:\program files\TurboTax
    2011-01-19 07:54 . 2011-01-19 07:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Intuit
    2011-01-17 16:31 . 2010-11-13 02:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-17 16:31 . 2010-11-13 02:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-01-14 10:40 . 2011-01-30 05:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2011-01-14 10:40 . 2011-01-15 07:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-08 13:31 . 2011-01-08 13:31 388096 ----a-r- c:\documents and settings\Tyler.TYLER-3FCDEF477\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-07 08:13 . 2011-01-07 08:17 -------- d-----w- C:\a4f9d3d1c87bb9b571862e6b99
    2011-01-02 05:51 . 2011-01-02 05:51 70144 --sha-r- c:\windows\system32\xpsp2resb.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12 . 2010-02-15 08:04 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-13 00:34 . 2010-03-31 13:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-09 14:52 . 2004-08-10 11:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 22:52 . 2010-11-02 22:52 1716297 ----a-w- c:\windows\system32\InetClnt.dll
    2010-11-02 22:52 . 2010-11-02 22:52 12 ----a-w- c:\windows\Fonts\wfonts.key
    2010-11-02 15:17 . 2004-08-10 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2008-03-09 14:25 . 2010-07-18 08:31 236 ----a-w- c:\program files\Common Files\dx.reg
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-05 00:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
    backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WN111v2 Smart Wizard.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Tyler.TYLER-3FCDEF477^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Tyler.TYLER-3FCDEF477\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2006-10-23 06:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 22:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2007-05-14 22:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2004-08-10 12:04 59392 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2003-12-22 16:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2003-08-05 01:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    2007-10-08 21:13 1101824 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    2007-10-08 21:18 995328 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2010-12-21 02:08 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-11-10 23:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
    2006-05-01 22:46 73728 ----a-w- c:\windows\system32\nvhotkey.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2006-05-01 22:46 1519616 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
    2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smp.exe]
    2009-01-11 19:06 767272 ----a-w- c:\program files\Pure Networks\Speed Meter Pro\smp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-02-16 05:50 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2006-03-08 19:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskMngr]
    2008-05-08 11:24 155648 ----a-w- c:\windows\system32\wscript.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
    2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YahooAUService"=2 (0x2)
    "wlidsvc"=2 (0x2)
    "NVSvc"=2 (0x2)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "gusvc"=3 (0x3)
    "gupdate"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "StarWindServiceAE"=2 (0x2)
    "ose"=3 (0x3)
    "NMIndexingService"=3 (0x3)
    "jswpsapi"=3 (0x3)
    "IntuitUpdateService"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "NAUpdate"=2 (0x2)
    "iPod Service"=3 (0x3)
    "idsvc"=3 (0x3)
    "EvtEng"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\NETGEAR\\WN111v2\\WN111V2.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\biSecurity.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\lclpeers.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\iexplore.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\localDHT.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\localseed.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\MemoryTest.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\pingserver.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\searchpeers.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\UpData.exe"=
    "c:\\Documents and Settings\\Tyler.TYLER-3FCDEF477\\Application Data\\InFiles\\dssource\\j\\uService.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2094:TCP"= 2094:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/17/2010 10:52 PM 691696]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/15/2010 9:54 AM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/15/2010 9:54 AM 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/15/2010 9:54 AM 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110128.003\IDSXpx86.sys [1/28/2011 9:01 PM 341944]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 3:00 AM 14336]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2/15/2010 9:53 AM 117640]
    R2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\drivers\pnpcap.sys [3/6/2010 8:15 AM 23352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 4:30 AM 102448]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 3:45 PM 57440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/28/2011 11:10 PM 20952]
    R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [1/14/2009 1:23 AM 458752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/28/2011 11:10 PM 363344]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 4:51 PM 30963576]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 7:37 PM 4640000]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2010 9:50 PM 135664]
    S4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 10:54 AM 360547]
    S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [2/18/2010 2:01 PM 462632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
    2008-02-25 18:55 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-02-27 c:\windows\Tasks\expressripShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-02-20 16:25]

    2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:50]

    2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:50]

    2011-01-30 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-02-05 00:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    FF - ProfilePath - c:\documents and settings\Tyler.TYLER-3FCDEF477\Application Data\Mozilla\Firefox\Profiles\zk4pef5d.default\
    FF - prefs.js: browser.startup.homepage - yahoo.com
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Tyler.TYLER-3FCDEF477\Application Data\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-01-29 23:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1547161642-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0889FA85-0E8C-C087-386E-64B00E68E4B3}*]
    "makafjgalopggjhikkpoelpljf"=hex:6f,61,64,6e,63,68,6e,69,70,6e,6b,61,6d,61,63,
    68,64,6d,6e,66,6d,61,61,68,67,64,65,6f,70,63,00,00
    "abpakjgeghlceolikklaijbmpjggcnopkn"=hex:69,61,61,65,67,64,6d,6e,67,6e,6e,6e,
    6c,64,62,6d,65,6a,00,00

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(340)
    c:\windows\system32\netprovcredman.dll

    - - - - - - - > 'explorer.exe'(860)
    c:\windows\system32\WININET.dll
    c:\windows\system32\AcSignIcon.dll
    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2011-01-29 23:52:17
    ComboFix-quarantined-files.txt 2011-01-30 07:52
    ComboFix2.txt 2011-01-30 07:33
    ComboFix3.txt 2011-01-30 07:13
    ComboFix4.txt 2011-01-29 17:56

    Pre-Run: 32,739,667,968 bytes free
    Post-Run: 32,724,721,664 bytes free

    - - End Of File - - 666D4C4F5B9A2613091BBD5DC054A5A0

    OTL Extras logfile created on: 1/30/2011 12:01:02 AM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 105.69 Gb Total Space | 30.50 Gb Free Space | 28.86% Space Free | Partition Type: NTFS
    Drive D: | 1.89 Gb Total Space | 1.89 Gb Free Space | 100.00% Space Free | Partition Type: FAT
    Drive F: | 7.45 Gb Total Space | 7.32 Gb Free Space | 98.25% Space Free | Partition Type: FAT32
    Drive Y: | 582.50 Gb Total Space | 101.28 Gb Free Space | 17.39% Space Free | Partition Type: NTFS
    Drive Z: | 189.92 Gb Total Space | 104.34 Gb Free Space | 54.94% Space Free | Partition Type: NTFS

    Computer Name: TYLER-3FCDEF477 | User Name: Tyler | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "2094:TCP" = 2094:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\Program Files\NETGEAR\WN111v2\WN111V2.exe" = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe:*:Enabled:NETGEAR Smart Wizard -- (NETGEAR)
    "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\biSecurity.exe" = C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\biSecurity.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\lclpeers.exe" = C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\lclpeers.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\iexplore.exe" = C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\iexplore.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\localDHT.exe" = C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\localDHT.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\localseed.exe" = C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\localseed.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\MemoryTest.exe" = C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\MemoryTest.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\pingserver.exe" = C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\pingserver.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\searchpeers.exe" = C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\searchpeers.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\UpData.exe" = C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\UpData.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\uService.exe" = C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles\dssource\j\uService.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
    "{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
    "{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 23
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
    "{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
    "{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AF99FCA-1D0C-4D5A-9BFE-0D4376A52B23}" = Autodesk Revit Architecture 2011
    "{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5783F2D7-9001-0409-0002-0060B0CE6BBA}" = AutoCAD 2011 - English
    "{5783F2D7-9001-0409-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
    "{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
    "{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
    "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
    "{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
    "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}" = LIVE gaming on Windows Runtime Version 1.0.6027
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
    "{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
    "{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
    "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{DE387A89-3BB2-4E88-AB01-0C110190A303}" = Speed Meter Pro
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
    "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Akamai" = Akamai NetSession Interface
    "AutoCAD 2011 - English" = AutoCAD 2011 - English
    "AutoCAD 2011 - English Version 2.1" = AutoCAD 2011 - English Version 2.1
    "Autodesk Design Review 2011" = Autodesk Design Review 2011
    "Autodesk Revit Architecture 2011" = Autodesk Revit Architecture 2011
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
    "DivX Setup.divx.com" = DivX Setup
    "DVDFab 8_is1" = DVDFab 8.0.0.5 (25/08/2010)
    "ESPNMotion" = ESPNMotion
    "ExpressRip" = Express Rip
    "HP Photo & Imaging" = HP Image Zone 3.5
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
    "LimeWire" = LimeWire 5.5.16
    "MagicISO v5.5_is1" = MagicISO v5.5 (build 0274)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "N360" = Norton Security Suite
    "Network MagicUninstall" = Network Magic
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.OUTLOOK" = Microsoft Outlook 2010
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "ProInst" = Intel(R) PROSet/Wireless Software
    "RAR Repair Tool_is1" = RAR Repair Tool v.4.0
    "Speed Meter ProUninstall" = Speed Meter Pro
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TurboTax 2010" = TurboTax 2010
    "WIC" = Windows Imaging Component
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/29/2011 2:07:06 PM | Computer Name = TYLER-3FCDEF477 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1984

    Error - 1/29/2011 2:07:06 PM | Computer Name = TYLER-3FCDEF477 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1984

    Error - 1/30/2011 1:42:48 AM | Computer Name = TYLER-3FCDEF477 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/30/2011 1:42:48 AM | Computer Name = TYLER-3FCDEF477 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 41744422

    Error - 1/30/2011 1:42:48 AM | Computer Name = TYLER-3FCDEF477 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 41744422

    Error - 1/30/2011 1:42:50 AM | Computer Name = TYLER-3FCDEF477 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/30/2011 1:42:50 AM | Computer Name = TYLER-3FCDEF477 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 41746375

    Error - 1/30/2011 1:42:50 AM | Computer Name = TYLER-3FCDEF477 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 41746375

    Error - 1/30/2011 2:45:55 AM | Computer Name = TYLER-3FCDEF477 | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 1/30/2011 3:46:10 AM | Computer Name = TYLER-3FCDEF477 | Source = Application Error | ID = 1000
    Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
    version 0.0.0.0, fault address 0x0008d560.

    [ System Events ]
    Error - 1/30/2011 4:14:29 AM | Computer Name = TYLER-3FCDEF477 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 1/30/2011 4:14:31 AM | Computer Name = TYLER-3FCDEF477 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 1/30/2011 4:14:34 AM | Computer Name = TYLER-3FCDEF477 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 1/30/2011 4:14:37 AM | Computer Name = TYLER-3FCDEF477 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 1/30/2011 4:14:40 AM | Computer Name = TYLER-3FCDEF477 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 1/30/2011 4:14:43 AM | Computer Name = TYLER-3FCDEF477 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 1/30/2011 4:14:46 AM | Computer Name = TYLER-3FCDEF477 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 1/30/2011 4:15:20 AM | Computer Name = TYLER-3FCDEF477 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 1/30/2011 4:15:25 AM | Computer Name = TYLER-3FCDEF477 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 1/30/2011 4:15:28 AM | Computer Name = TYLER-3FCDEF477 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.


    < End of report >

    OTL logfile created on: 1/30/2011 12:01:01 AM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 105.69 Gb Total Space | 30.50 Gb Free Space | 28.86% Space Free | Partition Type: NTFS
    Drive D: | 1.89 Gb Total Space | 1.89 Gb Free Space | 100.00% Space Free | Partition Type: FAT
    Drive F: | 7.45 Gb Total Space | 7.32 Gb Free Space | 98.25% Space Free | Partition Type: FAT32
    Drive Y: | 582.50 Gb Total Space | 101.28 Gb Free Space | 17.39% Space Free | Partition Type: NTFS
    Drive Z: | 189.92 Gb Total Space | 104.34 Gb Free Space | 54.94% Space Free | Partition Type: NTFS

    Computer Name: TYLER-3FCDEF477 | User Name: Tyler | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
    PRC - C:\WINDOWS\system32\acs.exe (Atheros)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
    PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\asOEHook.dll (Symantec Corporation)
    MOD - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (StarWindServiceAE) -- File not found
    SRV - (HidServ) -- File not found
    SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll ()
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
    SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
    SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
    SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
    SRV - (Autodesk Network Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe (Autodesk, Inc.)
    SRV - (jswpsapi) -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe (Atheros Communications, Inc.)
    SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
    SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel Corporation)
    SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
    SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- File not found
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (NAVEX15) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110129.003\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110129.003\NAVENG.SYS (Symantec Corporation)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110128.003\IDSXpx86.sys (Symantec Corporation)
    DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NCHSSVAD) SoundTap Recorder (32 Bit) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
    DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
    DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
    DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
    DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
    DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS (Symantec Corporation)
    DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS (Symantec Corporation)
    DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
    DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
    DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
    DRV - (WN111v2) -- C:\WINDOWS\system32\drivers\WN111v2.sys (Atheros Communications, Inc.)
    DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
    DRV - (pnpcap) -- C:\WINDOWS\system32\drivers\pnpcap.sys (Pure Networks, Inc.)
    DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
    DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
    DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
    DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
    DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
    DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
    DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
    DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
    DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "yahoo.com"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 19:36:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/30 06:01:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/17 08:31:27 | 000,000,000 | ---D | M]

    [2010/12/01 07:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Mozilla\Extensions
    [2010/02/15 05:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/01/25 20:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Mozilla\Firefox\Profiles\zk4pef5d.default\extensions
    [2010/12/03 22:56:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Mozilla\Firefox\Profiles\zk4pef5d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/29 22:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/17 08:31:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/04/26 19:36:42 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
    [2011/01/29 22:44:44 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
    [2010/08/29 06:29:09 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\TYLER.TYLER-3FCDEF477\APPLICATION DATA\MOVE NETWORKS
    [2010/03/31 05:10:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/01/29 09:48:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: () - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: () - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/s.../SysProExe.cab (Scanner.SysScanner)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase6886.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1266235465125 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1266236943843 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.76.182 68.87.78.134
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/10 12:07:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - Services: "YahooAUService"
    MsConfig - Services: "wlidsvc"
    MsConfig - Services: "NVSvc"
    MsConfig - Services: "Nero BackItUp Scheduler 3"
    MsConfig - Services: "gusvc"
    MsConfig - Services: "gupdate"
    MsConfig - Services: "Apple Mobile Device"
    MsConfig - Services: "StarWindServiceAE"
    MsConfig - Services: "ose"
    MsConfig - Services: "NMIndexingService"
    MsConfig - Services: "jswpsapi"
    MsConfig - Services: "IntuitUpdateService"
    MsConfig - Services: "JavaQuickStarterService"
    MsConfig - Services: "NAUpdate"
    MsConfig - Services: "iPod Service"
    MsConfig - Services: "idsvc"
    MsConfig - Services: "EvtEng"
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe - ()
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe - ()
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WN111v2\WN111V2.exe - (NETGEAR)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
    MsConfig - StartUpFolder: C:^Documents and Settings^Tyler.TYLER-3FCDEF477^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe - (Lime Wire, LLC)
    MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
    MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
    MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
    MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
    MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
    MsConfig - StartUpReg: IntelWireless - hkey= - key= - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    MsConfig - StartUpReg: IntelZeroConfig - hkey= - key= - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    MsConfig - StartUpReg: NVHotkey - hkey= - key= - File not found
    MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    MsConfig - StartUpReg: Search Protection - hkey= - key= - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    MsConfig - StartUpReg: smp.exe - hkey= - key= - C:\Program Files\Pure Networks\Speed Meter Pro\smp.exe (Cisco Systems, Inc.)
    MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    MsConfig - StartUpReg: TaskMngr - hkey= - key= - File not found
    MsConfig - StartUpReg: UserFaultCheck - hkey= - key= - File not found
    MsConfig - StartUpReg: YSearchProtection - hkey= - key= - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 2
    MsConfig - State: "startup" - 1

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/29 23:53:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\OTL.exe
    [2011/01/29 09:20:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/01/29 09:13:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/01/29 09:13:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/01/29 09:13:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/01/29 09:13:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/01/29 09:13:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/01/29 09:10:21 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/29 03:40:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Recent
    [2011/01/28 23:10:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/01/28 23:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/28 23:10:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/01/25 21:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinZip
    [2011/01/25 21:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
    [2011/01/25 21:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2011/01/25 20:40:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240BE.TMP
    [2011/01/23 08:29:00 | 000,000,000 | ---D | C] -- C:\coupons
    [2011/01/19 00:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Local Settings\Application Data\Intuit
    [2011/01/19 00:02:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Intuit
    [2011/01/18 23:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TurboTax 2010
    [2011/01/18 23:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Local Settings\Application Data\IsolatedStorage
    [2011/01/18 23:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
    [2011/01/18 23:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
    [2011/01/18 23:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit
    [2011/01/17 08:31:27 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/01/17 08:31:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/01/17 08:31:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/01/17 08:31:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/01/14 02:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot - Search & Destroy
    [2011/01/14 02:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/01/14 02:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    [2011/01/08 05:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Start Menu\Programs\HiJackThis
    [2011/01/07 00:13:41 | 000,000,000 | ---D | C] -- C:\a4f9d3d1c87bb9b571862e6b99
    [2011/01/01 21:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinRAR
    [2011/01/01 21:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Start Menu\Programs\WinRAR
    [2010/03/09 19:19:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\pcouffin.sys
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/30 00:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/01/29 23:53:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\OTL.exe
    [2011/01/29 23:13:40 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/29 22:53:47 | 004,262,410 | R--- | M] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\ComboFix.exe
    [2011/01/29 22:52:21 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/01/29 22:45:56 | 000,000,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2011/01/29 22:44:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/29 22:28:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/29 21:46:52 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\HiJackThis.lnk
    [2011/01/29 09:48:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/01/28 23:10:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/28 22:32:04 | 000,720,344 | ---- | M] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\rkill.com
    [2011/01/28 22:24:10 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\exeHelper.com
    [2011/01/28 22:23:10 | 000,150,586 | ---- | M] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\107598-website-redire.pdf
    [2011/01/27 22:33:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/01/27 21:05:14 | 000,415,091 | ---- | M] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\winrar-x64-393.exe
    [2011/01/26 23:11:45 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/01/26 23:06:57 | 000,365,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/01/25 23:10:34 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/01/25 21:46:48 | 000,077,399 | ---- | M] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\64bit.zip
    [2011/01/25 21:43:30 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\WinZip.lnk
    [2011/01/25 20:34:48 | 000,001,799 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AutoCAD 2011 - English.lnk
    [2011/01/25 20:21:29 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Autodesk Design Review.lnk
    [2011/01/24 22:50:00 | 000,002,835 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Nero StartSmart 10.lnk
    [2011/01/24 20:06:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/24 00:01:09 | 000,030,277 | ---- | M] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\IRI_Performance_Evaluation_Form_2011 (4).docx
    [2011/01/18 23:58:34 | 000,001,898 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TurboTax 2010.lnk
    [2011/01/16 23:53:52 | 000,051,244 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2011/01/14 23:27:01 | 000,000,092 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2011/01/14 02:41:26 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/01/14 02:41:26 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\Spybot - Search & Destroy.lnk
    [2011/01/06 23:54:48 | 000,485,128 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/01/06 23:54:48 | 000,080,976 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/01/06 01:02:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/01 21:51:34 | 000,070,144 | RHS- | M] () -- C:\WINDOWS\System32\xpsp2resb.dll
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/29 09:20:08 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/01/29 09:20:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/01/29 09:13:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/01/29 09:13:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/01/29 09:13:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/01/29 09:13:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/01/29 09:13:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/01/28 23:47:50 | 004,262,410 | R--- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\ComboFix.exe
    [2011/01/28 23:10:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/28 22:31:58 | 000,720,344 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\rkill.com
    [2011/01/28 22:23:56 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\exeHelper.com
    [2011/01/28 22:23:10 | 000,150,586 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\107598-website-redire.pdf
    [2011/01/27 21:05:13 | 000,415,091 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\winrar-x64-393.exe
    [2011/01/26 23:11:45 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Start Menu\Programs\Internet Explorer.lnk
    [2011/01/25 21:46:48 | 000,077,399 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\64bit.zip
    [2011/01/25 21:43:30 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\WinZip.lnk
    [2011/01/25 20:34:48 | 000,001,799 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AutoCAD 2011 - English.lnk
    [2011/01/25 20:21:29 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Autodesk Design Review.lnk
    [2011/01/24 22:50:00 | 000,002,835 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Nero StartSmart 10.lnk
    [2011/01/18 23:58:34 | 000,001,898 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TurboTax 2010.lnk
    [2011/01/14 23:27:01 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2011/01/14 02:41:26 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/01/14 02:41:26 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\Spybot - Search & Destroy.lnk
    [2011/01/08 05:31:05 | 000,002,483 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\HiJackThis.lnk
    [2011/01/04 13:27:25 | 000,030,277 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Desktop\IRI_Performance_Evaluation_Form_2011 (4).docx
    [2011/01/01 21:51:34 | 000,070,144 | RHS- | C] () -- C:\WINDOWS\System32\xpsp2resb.dll
    [2010/12/19 23:16:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/08/01 09:15:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\MF.dll
    [2010/07/28 21:30:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\mf.dll
    [2010/07/18 00:31:39 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
    [2010/07/18 00:31:35 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
    [2010/07/18 00:31:35 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
    [2010/07/18 00:31:35 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
    [2010/07/18 00:31:34 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
    [2010/06/17 22:52:55 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/03/14 08:54:44 | 000,000,234 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\default.rss
    [2010/03/13 09:47:24 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2010/03/09 19:22:01 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
    [2010/03/09 19:20:07 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\pcouffin.log
    [2010/03/09 19:19:47 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\ezpinst.exe
    [2010/03/09 19:19:47 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\pcouffin.cat
    [2010/03/09 19:19:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\pcouffin.inf
    [2010/02/27 08:52:08 | 000,000,347 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
    [2010/02/21 08:45:37 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\atscie.msi
    [2010/02/17 00:17:28 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/15 03:59:13 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2010/02/15 00:22:42 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Local Settings\Application Data\fusioncache.dat
    [2010/02/14 15:43:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/10/03 19:35:42 | 001,711,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/08/10 12:40:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2009/08/10 12:40:13 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/08/10 12:40:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2009/08/10 12:40:11 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/08/10 12:40:11 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/11/05 04:42:45 | 000,062,400 | ---- | C] () -- C:\WINDOWS\System32\IFC.dll
    [2008/11/05 04:41:56 | 000,422,848 | ---- | C] () -- C:\WINDOWS\System32\PPL.dll
    [2008/06/27 15:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
    [2007/08/23 17:30:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2007/04/17 14:34:40 | 000,135,716 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2006/07/13 06:36:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
    [2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

    ========== LOP Check ==========

    [2011/01/25 20:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk
    [2010/02/15 00:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DIGStream
    [2010/02/15 21:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
    [2010/02/24 07:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
    [2010/02/16 22:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NETGEAR
    [2010/08/30 19:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
    [2010/08/18 07:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RapidSolution
    [2010/04/20 21:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
    [2010/08/03 00:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vsosdk
    [2011/01/25 21:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
    [2010/04/25 06:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/15 06:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/10/16 22:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Autodesk
    [2010/02/17 07:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/08/15 20:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\GARMIN
    [2010/03/04 23:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\ImgBurn
    [2010/05/29 18:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\InFiles
    [2010/03/26 18:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Leadertech
    [2011/01/28 21:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\LimeWire
    [2010/03/14 00:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\LimeWireTurbo
    [2010/02/23 00:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\NCH Swift Sound
    [2010/04/17 05:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Toolbar4
    [2010/08/06 22:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Tunebite
    [2010/02/15 21:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Uniblue
    [2010/09/01 23:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Vso
    [2010/03/14 08:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Windows Search
    [2010/08/05 23:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\Xilisoft
    [2010/02/27 07:15:02 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\expressripShakeIcon.job
    [2011/01/30 00:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2010/02/15 23:06:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2010/02/15 23:06:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2010/02/15 23:06:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2010/02/15 23:06:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0029\DriverFiles\i386\atapi.sys
    [2004/08/10 03:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/10 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2006/04/26 04:23:52 | 000,250,880 | ---- | M] (Intel Corporation) MD5=1C77A81756D4777CCB0425AE8107FE96 -- C:\WINDOWS\dell\iastor\iastor.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
    [2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
    [2004/08/10 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: NVATABUS.SYS >
    [2006/03/16 16:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
    [2006/03/16 16:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

    < MD5 for: SCECLI.DLL >
    [2004/08/10 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < MD5 for: SYMMPI.SYS >
    [2005/11/17 10:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\dell\symmpi\symmpi.sys
    [2005/11/17 10:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\system32\drivers\symmpi.sys

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/04/13 16:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
    [2011/01/01 21:51:34 | 000,070,144 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2resb.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    [2010/06/19 23:33:07 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users.WINDOWS\DRM:مايكروسوفت

    < End of report >


    Thanks

  8. #8
    Net_Surfer

    Hi

    ComboFix 11-01-29.02 - Tyler 01/29/2011 23:44:57.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1465 [GMT -8:00]
    Running from: c:\documents and settings\Tyler.TYLER-3FCDEF477\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Tyler.TYLER-3FCDEF477\Desktop\CFScript.txt
    AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    You posted the report log of the fourth run of ComboFix... You had run ComboFix four times....

    Can you tell me why ComboFix was run 2 times more than I had you run it?

    ComboFix2.txt 2011-01-30 07:33
    ComboFix3.txt 2011-01-30 07:13

    I need to see the report logs of combofix to see if they deleted anything.

    Please go to C:\Qoobox, open the Qoobox folder, locate the ComboFix-quarantined-files.txt file, open it, and copy and paste the contents of that file here.

    Also, you did not perform the step with the script so ComboFix can get rid of the files... They are still showing in your report... You need to rerun it with the script that I provided.
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!

  9. #9
    Member

    Sorry, but I thought I didn't disable Norton. First I set it to disable for 1 hour, second I set it to 5 hours just to make sure. As for the missing step, could you please tell me which one? Thanks

    2011-01-30 07:44:55 . 2011-01-30 07:44:55 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
    2011-01-30 07:11:46 . 2011-01-30 07:11:46 668 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe Reader Speed Launcher.reg.dat
    2011-01-30 07:11:46 . 2011-01-30 07:11:46 636 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe ARM.reg.dat
    2011-01-29 17:55:31 . 2011-01-29 17:55:31 626 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Tunebite.reg.dat
    2011-01-29 17:55:30 . 2011-01-29 17:55:30 638 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SigmatelSysTrayApp.reg.dat
    2011-01-29 17:55:30 . 2011-01-29 17:55:30 592 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-PWRISOVM.reg.dat
    2011-01-29 17:55:30 . 2011-01-29 17:55:30 632 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-NeroFilterCheck.reg.dat
    2011-01-29 17:55:30 . 2011-01-29 17:55:30 634 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-NBKeyScan.reg.dat
    2011-01-29 17:55:30 . 2011-01-29 17:55:30 648 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MSN Toolbar.reg.dat
    2011-01-29 17:55:30 . 2011-01-29 17:55:30 720 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Microsoft Default Manager.reg.dat
    2011-01-29 17:55:30 . 2011-01-29 17:55:30 626 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-jswtrayutil.reg.dat
    2011-01-29 17:55:30 . 2011-01-29 17:55:30 652 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-jkss.reg.dat
    2011-01-29 17:55:29 . 2011-01-29 17:55:29 658 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-GrooveMonitor.reg.dat
    2011-01-29 17:55:29 . 2011-01-29 17:55:29 706 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-FlashPlayerUpdate.reg.dat
    2011-01-29 17:55:29 . 2011-01-29 17:55:29 532 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DXDllRegExe.reg.dat
    2011-01-29 17:55:29 . 2011-01-29 17:55:29 674 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-CloneDVDElbyDelay.reg.dat
    2011-01-29 17:55:29 . 2011-01-29 17:55:29 714 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}.reg.dat
    2011-01-29 17:55:29 . 2011-01-29 17:55:29 680 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AlcoholAutomount.reg.dat
    2011-01-29 17:55:29 . 2011-01-29 17:55:29 678 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe Acrobat Speed Launcher.reg.dat
    2011-01-29 17:55:18 . 2011-01-29 17:55:19 173 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
    2011-01-29 17:29:11 . 2011-01-30 07:47:30 8,998 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2011-01-29 17:13:25 . 2011-01-30 07:43:24 286 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2010-08-03 06:24:40 . 2010-09-02 07:24:37 87,608 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\inst.exe.vir
    2010-02-17 14:55:22 . 2010-02-17 14:55:22 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Tyler.TYLER-3FCDEF477\Application Data\chrtmp.vir
    2009-10-19 04:14:03 . 2009-10-19 05:02:26 87,608 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Tyler\Application Data\inst.exe.vir
    2007-02-13 02:10:44 . 2007-02-13 02:10:44 2,682,880 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\VCREDI~3.EXE.vir

  10. #10
    Net_Surfer

    Hello again Equate5

    The step with the ComboFix script, it seems that you executed it, but it failed to delete the entries that I scripted... We will use OTL to get them.




    Step 1.

    Let's fix some issues with OTL by doing the following:

    Double click on the Icon at your desktop to run it.
    (Vista users right click and run as an Admin.)
    Copy the lines in the code box below (make sure that :Otl is on the first line): just highlight everything in the code box (starting with :Otl) and copy and paste it into the 'Custom scan/fix' box in OTL.
    Code:
    :otl
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
    MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
    MsConfig - StartUpReg: NVHotkey - hkey= - key= - File not found
    MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
    MsConfig - StartUpReg: TaskMngr - hkey= - key= - File not found
    MsConfig - StartUpReg: UserFaultCheck - hkey= - key= - File not found
    [2011/01/25 20:40:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240BE.TMP
    [2011/01/29 22:45:56 | 000,000,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2011/01/01 21:51:34 | 000,070,144 | RHS- | M] () -- C:\WINDOWS\System32\xpsp2resb.dll
    @Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users.WINDOWS\DRM:مايكروسوفت
    
    :Files
    ipconfig /flushdns /c
    %systemroot%\prefetch\*.*
    
    :commands
    [PURITY]
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [REBOOT]
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


    • Click the red Run Fix button.

    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed; this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.


    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles


    Step 2.

    * ESET Online Scan

    Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
    Therefore, by using ESET online scanner it is possible for us to find leftover or missed malware files on your computer and we can now further clean up your computer.

    You can use either Internet Explorer or Mozilla FireFox for this scan.
    NOTE: This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
    To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    NOTE: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
    If you did not save the ESETScan log, click Start > Run..., then type or copy and paste everything inside the code box below into the Open dialogue box:

    Code:
    C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Click Ok and the scan results will open in Notepad.
    • Copy and paste the contents of log.txt in your next reply.


    In some instances if no malware is found there will be no log produced.

    Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
    ~~~~~~~~~~~~~

    Error - 1/30/2011 4:14:31 AM | Computer Name = TYLER-3FCDEF477 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.
    Going over your OTL report log, I found that you have a bad block on your hard drive.

    Have you ever run a check disk on that computer? Sometimes it fixes problems with your hard drive.

    An exceptional drive that runs 400,000 hours may be offset in the average calculation by one that burns out after only 5,000 hours - and that early departer could be yours. You just never know.

    Warning Signs of Hard Drive Failure:

    If you start getting read/write errors, i. e., "cannot write to disk" or "cannot access file," something is going wrong. It may be the drive's firmware, and downloading the latest firmware update from the manufacturer's site could fix you right up. Or it may be corrupted, cross-linked files; run CHKDSK to find and fix such things. These are the easiest and cheapest problems to fix.

    CHKDSK comes with Windows, and it's pretty good at detecting bad files and physically damaged sectors. It will lock damaged sectors so that the computer will not attempt to write to them. To run CHKDSK, open a command prompt, then type CHKDSK C: /F /R and press Enter. This tells CHKDSK to scan for bad sectors, and fix any errors found. There are free utilities out there that run more thorough tests. One of the highly recommended utilities is Seagate SeaTools for Windows.

    Listen to your hard drive. If you hear a clicking sound, especially during startup, that's often a sign of a damaged disk, and impending data doom. Just like you can hear when a car engine is "laboring," you can often hear when a hard drive is working too hard. That means it's wearing out faster, just like an engine that climbs steep hills every day. If you hear vague rattling noises when your hard drive is accessing data, you should run a disk clean-up and defragmentation right away. The less the read/write head must move to find, read, and write data, the longer it will last. Move files off the hard drive onto CD or DVD to make more space on the hard drive, then optimize the disk space.

    If noises or errors become frequent, don't hope the problem will go away -- because it won't. Back up all your data and buy a new hard drive. Move everything onto the new drive. Wipe your sensitive data from the old drive using a disk-wiping utility that overwrites every sector so it is very difficult to read what was there. Then toss the old drive; do not keep it around as an "emergency" drive and do not use it as a secondary drive. You wouldn't count on an old car with a blown engine seal in emergencies or even for backup use, would you?

    Follow the instructions below on how to run a check disk; please run chkdsk:


    Running chkdsk may take some time to complete. Please be patient and do not use the computer, press any keys, or try to stop the chkdsk scan once it has started.
    • Right-click the Start button and select Explore
    • Navigate to your C: Drive, then right-click the drive and select Properties
    • In the Properties window that pops-up, click the Tools tab and then click on the button that says Check Now
    • If the User Account Control window pops-up asking for permission to run Check Disk, please click on Continue
    • In the Check Disk Options window that pops-up, place a check-mark in both boxes:
      • Automatically fix file system errors
      • Scan for and attempt recovery of bad sectors
    • Now click on Start.
    • A new window will pop up saying Windows can't check the disk while it's in use; click Schedule disk check.
    • Now shut down your computer, not restart, and then turn on your computer.
    • When your computer turns on, you will see a black screen with white lettering, this is chkdsk running.
    • Let chkdsk run through its 5 Stages. When it is finished, your computer will boot to the desktop.


    Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    Summary of the logs I will need in your next reply:
    • The report log of OTL
    • The report log of Eset Online Scan.

    And a description of any remaining problems.

    How are things at your end?


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

    Kind regards
    Net_Surfer

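    The "< MD5 for: ... >" sections and the "/lockedfiles" section of the OTL log posted earlier in this thread, and the xpsp2resb.dll entry that the OTL fix above targets, are the kind of thing a helper checks by eye. The Python below is an added example, not OTL's code and not part of any post in the thread: it parses OTL-style entry lines and applies two of those checks, comparing each live driver's MD5 against the cached copies of the same build (ServicePackFiles, dllcache, ERDNT\cache; the older $NtServicePackUninstall$ copy is allowed to differ) and flagging locked, hidden+system files in system32 with no company name and no obtainable MD5. The ATAPI.SYS and /lockedfiles sample lines are copied from the log; the EXAMPLE.SYS block, its name and its hashes are constructed placeholders so the mismatch check has something to fire on.

```python
import re
from collections import defaultdict

# One OTL entry line: [date | size | attrs | C/M] (company) MD5=... -- path
ENTRY = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[A-Z-]{4})\s*\|\s*[CM]\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|(?P<locked>Unable to obtain MD5)|\.cab file)?"
    r"\s*--\s*(?P<path>.+?)\s*$"
)
SECTION = re.compile(r"^<\s*(?P<name>.+?)\s*>$")  # e.g. "< MD5 for: ATAPI.SYS >"

# Where OTL lists a pristine copy of the installed build, versus the copy Windows runs.
CACHE_DIRS = ("\\servicepackfiles\\i386\\", "\\system32\\dllcache\\", "\\erdnt\\cache\\")
LIVE_DIRS = ("\\system32\\drivers\\", "\\system32\\")
OLD_BUILD_DIRS = ("\\$ntservicepackuninstall$\\",)  # previous service pack: may differ legitimately

def parse(text):
    """Yield (section name, fields) for each entry line; '< ... >' headers set the section."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY.match(line)
        if entry:
            f = entry.groupdict()
            f["md5"] = f["md5"].upper() if f["md5"] else None
            yield section, f

def location(path):
    p = path.lower()
    if any(d in p for d in CACHE_DIRS):
        return "cache"
    if any(d in p for d in OLD_BUILD_DIRS):
        return "old-build"
    if any(d in p for d in LIVE_DIRS):
        return "live"
    return "other"

def check_driver_hashes(text):
    """Flag a live driver whose MD5 matches none of the cached copies of the same build."""
    per_file = defaultdict(lambda: {"cache": set(), "live": []})
    for section, f in parse(text):
        if section and section.startswith("MD5 for:") and f["md5"]:
            name = section.split(":", 1)[1].strip().lower()
            loc = location(f["path"])
            if loc == "cache":
                per_file[name]["cache"].add(f["md5"])
            elif loc == "live":
                per_file[name]["live"].append((f["path"], f["md5"]))
    return [
        f"{name}: live copy {path} MD5={md5} matches no cached copy {sorted(b['cache'])}"
        for name, b in per_file.items()
        for path, md5 in b["live"]
        if b["cache"] and md5 not in b["cache"]
    ]

def check_locked_files(text):
    """Flag locked files that are hidden+system, carry no company name and could not be hashed."""
    return [
        f"{f['path']}: attrs {f['attrs']}, no company name, MD5 unobtainable, timestamp {f['ts'].strip()}"
        for section, f in parse(text)
        if section and "/lockedfiles" in section and f["locked"]
        and "H" in f["attrs"] and "S" in f["attrs"] and not f["company"].strip()
    ]

# Constructed sample: the ATAPI.SYS and /lockedfiles lines are copied from the thread's log;
# the EXAMPLE.SYS block is invented, with placeholder hashes, so the mismatch check fires.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 03:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\drivers\example.sys

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 16:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2011/01/01 21:51:34 | 000,070,144 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2resb.dll
"""

if __name__ == "__main__":
    for finding in check_driver_hashes(SAMPLE_LOG) + check_locked_files(SAMPLE_LOG):
        print(finding)
```

    On the sample, atapi.sys passes because its live copy hashes the same as the ServicePackFiles copy, comsvcs.dll is locked but not flagged because it carries a company name and normal attributes, and only the constructed example.sys and the xpsp2resb.dll entry are reported.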