  1. #1
    Member
    Join Date
    Apr 2010
    Posts
    21
    Points
    0

    Need help with Click.GiftLoad

    So I ran Spybot and it found a registry value for Click.GiftLoad which from what I am reading is a pretty dangerous file. Wondered if I could get some help.

    Spybot Search and Destroy Log:

    --- Report generated: 2011-03-22 20:56 ---

    Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-09-09 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-02-24 Includes\Adware.sbi (*)
    2011-03-15 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2010-11-30 Includes\Hijackers.sbi (*)
    2011-03-08 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-03-08 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-02-24 Includes\Malware.sbi (*)
    2011-03-16 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-03-15 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2011-03-08 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-02-24 Includes\Spyware.sbi (*)
    2011-03-15 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-12-28 Includes\Trojans.sbi (*)
    2011-03-15 Includes\TrojansC-02.sbi (*)
    2011-03-03 Includes\TrojansC-03.sbi (*)
    2011-03-08 Includes\TrojansC-04.sbi (*)
    2011-03-08 Includes\TrojansC-05.sbi (*)
    2011-03-08 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll


    Hijack This Log File:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:22:59 PM, on 3/22/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
    C:\Program Files\CA\eTrustITM\InoRpc.exe
    C:\Program Files\CA\eTrustITM\InoRT.exe
    C:\Program Files\CA\eTrustITM\InoTask.exe
    C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    C:\WINDOWS\system32\StacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Xobni\XobniService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\CA\eTrustITM\realmon.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Jmiller.EKSTROM\Desktop\HiJackThis.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080806
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://FTP.BROOKSUPG.COM/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [CAHeadless] C:\Program Files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [PhotoshopElements8SyncAgent] C:\Program Files\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1263579131491
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1263579118101
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - https://ejb-dwhs.ejbrooks.com:444/vi...ivexviewer.cab
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activ...eX_Control.cab
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab...l_4.3.13.0.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://35.8.108.139/activex/AMC.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://brooksutilityproducts.webex....ex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ekstrom.com
    O17 - HKLM\Software\..\Telephony: DomainName = ekstrom.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ekstrom.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ekstrom.com
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
    O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
    O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

    --
    End of file - 16030 bytes


    MalwareBytes Log


    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Database version: 6137

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/22/2011 9:31:57 PM
    mbam-log-2011-03-22 (21-31-57).txt

    Scan type: Quick scan
    Objects scanned: 193428
    Time elapsed: 6 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
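    As a defensive follow-up to the Spybot hit above (a FEATURE_BROWSER_EMULATION value named svchost.exe under the .DEFAULT hive), here is an added PowerShell audit that is my own example, not code from the thread or from Spybot: it lists every FEATURE_BROWSER_EMULATION entry across the loaded user hives and HKLM and flags entries named after core Windows service binaries, which normally have no reason to host the IE WebBrowser control. The watch list and the function name are my own choices.

```powershell
# Added example (not from the thread): audit FEATURE_BROWSER_EMULATION entries
# in every loaded user hive plus HKLM, the key Spybot flagged in post #1.
# Legitimate entries name an application that hosts the IE WebBrowser control
# (an installer, a vendor's own .exe); an entry keyed on a core Windows service
# binary such as svchost.exe is worth investigating. Watch list is constructed.

$WatchList = @('svchost.exe', 'lsass.exe', 'winlogon.exe', 'services.exe',
               'smss.exe', 'csrss.exe', 'explorer.exe', 'spoolsv.exe')
$SubKey = 'Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION'

function Get-BrowserEmulationAudit {
    # Candidate hive roots: each loaded profile under HKEY_USERS (including
    # .DEFAULT, where the Spybot hit lived) and the machine-wide hive.
    $roots = @('Registry::HKEY_LOCAL_MACHINE') +
             (Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
              ForEach-Object { $_.PSPath })

    foreach ($root in $roots) {
        $keyPath = Join-Path -Path $root -ChildPath $SubKey
        if (-not (Test-Path -Path $keyPath -ErrorAction SilentlyContinue)) { continue }

        # Hives of other users may not be readable without elevation; skip quietly.
        $key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }

        foreach ($name in $key.GetValueNames()) {
            if ([string]::IsNullOrEmpty($name)) { continue }   # skip the (Default) value
            [pscustomobject]@{
                Hive       = ($root -replace '^.*Registry::', '')
                Executable = $name
                Mode       = $key.GetValue($name)   # IE document mode DWORD, e.g. 8000 or 11001
                Suspicious = ($WatchList -contains $name.ToLowerInvariant())
            }
        }
    }
}

# Wow6432Node also carries this key on 64-bit Windows; the XP host in this
# thread is x86, so that branch is not enumerated here.
Get-BrowserEmulationAudit |
    Sort-Object -Property Suspicious -Descending |
    Format-Table -AutoSize
```

Run it from an elevated prompt so every loaded profile hive is readable; a row with Suspicious set to True is the kind of entry Spybot reported here and should be correlated with the process that created it rather than just deleted.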

  2. #2
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,178
    Points
    89
    Blog Entries
    4


    Hello Sparty2QP and Welcome to the Help2Go Spyware Help Forum

    Sorry for the delay!!


    My nick is Net_Surfer and I will be helping you with your malware issues; this may or may not solve other issues you may have with your machine.

    Please note that whatever repairs we make are for fixing "your computer problems only" and by no means should be used on another computer.

    I would also like to inform you that most of us here at Help2Go support forums offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!


    Please be patient and I'd be grateful if you would note the following:

    The cleaning process is not instant. Combofix, OTL and hijackthis logs can take some time to research. I use Google as a resource to research what the problem is, just to understand some of the infections that are infecting the computer and understand where I need to focus more to ensure that the member gets the best and honest service.

    So please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.


    1. Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
    2. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    3. Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. Never will there be an all in one solution for repairing an infected computer. You must have a great arsenal of utilities that can take care of what another program may miss or isn't as specialized as another.
    4. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
    5. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
    6. Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear. Just because you can't see a problem doesn't mean it isn't there.)

    If you can do these things, everything should go smoothly!


    OK. If you have a Vista or Win7 computer, ensure that you right-click on the tools and run them as an Admin. If XP, double-click on the program to run them.

    Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
    Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

    Please carefully follow the next set of steps:


    If you cannot download and run the following tools, then I would like for you to try another approach:

    If you have the use of another computer please either use a Flash Drive or a CD to download the following and transfer them for use on the infected machine.
    Be sure you put them on the desktop of the infected computer.


    Step 1.

    * exeHelper by Raktor.

    Please download: exeHelper to your desktop.
    Double-click on exeHelper.com to run the fix.
    A black window should pop up, press any key to close once the fix is completed.
    Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Step 2.

    * After running exeHelper, download and run Rkill and ("without rebooting") run the ComboFix step, running them using these instructions:

    We need to use the RKill Tool by Grinler

    Rkill.com <--- Download site
    • Please Download Rkill.com. Save it to your Desktop.
    • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
    • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.
    • Once it is downloaded, double-click on rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
    • Please be patient while the program looks for various malware programs and ends them.
    • When it has finished, the black window will automatically close and you can continue with the next step.


    NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Antivirus Suite when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.


    If you continue having problems running rkill.com, you can download:
    iExplore.exe or eXplorer.exe
    which are renamed copies of rkill.com, and try them instead.

    *If the tool does not run from any of the links, please tell me about it.

    Note:
    Please do not reboot your system until you have completed the following step, or the Malware will restart itself:


    Step 3.

    * Please visit this webpage for instructions for downloading and running ComboFix if you have problems running it:

    Please download ComboFix from one of the following mirrors, and save it to your desktop.
    Warning: This tool is not a toy and not for everyday use!
    Link 1
    Link 2
    Link 3
    • Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.
    • Please insert all USB drives before running Combofix.
    • Close any open browsers.
    • Double click on your desktop.
      If using Vista/Win7, right-click and Run as Administrator...
    • Read and accept (Press Yes) to the disclaimer. *If using Windows XP... Please allow Combofix tool to download and install the Microsoft Recovery Console.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
      Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
      **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
    • *Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

      Post the log from ComboFix in your next reply.


    *EXTRA NOTES*

    * If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    * If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    * If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Summary of the logs I will need in your next reply:
    • ExeHelper log.
    • The Rkill log.
    • The ComboFix log.

    How are things at your end?


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

    Again, Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

    Kind regards
    Net_Surfer
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!

  3. #3
    Member
    Join Date
    Apr 2010
    Posts
    21
    Points
    0


    Thanks...

    I am running XP with CA eTrust ITM. When I right-click on the icon in the tray, it gives me an antivirus option, but when I change the direction of the scan from "Ingoing and outgoing files" to "Disabled" it does not activate the "Apply" button, so I don't know how to disable it...

    Any thoughts?


  4. #4
    Member
    Join Date
    Apr 2010
    Posts
    21
    Points
    0


    Also, if it makes a difference, it behaves this way logged in under my name and under Administrator.

  5. #5
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,178
    Points
    89
    Blog Entries
    4


    CA Internet Security Suite 2010

    * To turn off the Firewall, right-click on the CA Shield icon in the system tray, click My Internet, then click Disable Firewall.
    * To turn it back on, right click system tray icon, click My Internet, then click Enable Firewall.


    * To temporarily disable the Antivirus, right-click the CA Shield icon in the system tray, click My Computer, then click Enable Snooze.
    * Enter the snooze time in minutes (up to 999, approx 16 2/3 hours) in the box and click Snooze.
    * To end snooze, follow the same procedure and click Wake Now on the page for entering snooze time.
    * To disable Antivirus on a longer basis, double-click the CA Shield icon in the system tray.
    * When Security Center comes up, click Update Settings in the My Computer tab.
    * Then click the red X next to Auto Scan.
    * To re-enable, follow the same procedure and click the green checkmark.

    You can see the list of all antivirus instructions:

    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    If you still cannot disable it, then try running ComboFix with your antivirus and just ignore the warning, or you can uninstall your antivirus and re-install it when we are done.

  6. #6
    Member
    Join Date
    Apr 2010
    Posts
    21
    Points
    0

    Logs...

    exeHelper

    exeHelper by Raktor
    Build 20100414
    Run at 07:43:03 on 03/23/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--


    rKill

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 03/23/2011 at 7:44:21.
    Operating System: Microsoft Windows XP

    Processes terminated by Rkill or while it was running:

    Rkill completed on 03/23/2011 at 7:44:25.


    ComboFix

    ComboFix 11-03-22.09 - Jmiller 03/23/2011 8:00.6.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1258 [GMT -4:00]
    Running from: c:\documents and settings\Jmiller.EKSTROM\Desktop\ComboFix.exe
    AV: eTrust ITM *Disabled/Updated* {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\callingcard\CallingCard.exe
    c:\documents and settings\All Users\ntuser.pol
    c:\documents and settings\Jmiller.EKSTROM\g2mdlhlpx.exe
    C:\Install.exe
    c:\windows\system32\SysInfo.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-21 23:47 . 2011-03-21 23:47 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-03-21 23:44 . 2011-03-21 23:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
    2011-03-21 16:57 . 2011-03-21 16:57 -------- d-----w- c:\program files\Common Files\Java
    2011-03-21 16:56 . 2011-03-21 16:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-16 00:43 . 2011-03-16 00:43 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
    2011-03-16 00:42 . 2011-03-16 00:42 -------- d-----w- c:\program files\YouTube Downloader
    2011-03-07 15:49 . 2011-03-07 15:49 -------- d-----w- c:\program files\freestar
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-23 12:10 . 2008-08-25 15:00 0 ----a-w- c:\documents and settings\Jmiller.EKSTROM\Local Settings\Application Data\WavXMapDrive.bat
    2011-03-21 23:44 . 2008-08-06 18:49 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
    2011-03-21 16:56 . 2010-04-26 19:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-09 13:53 . 2004-08-11 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2004-08-11 22:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2004-08-11 22:11 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-11 22:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-11 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-11 22:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-29 68856]
    "CAHeadless"="c:\program files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-18 615808]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-21 2423752]
    "PhotoshopElements8SyncAgent"="c:\program files\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe" [2009-09-18 1893728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
    "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056]
    "Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2010-09-24 58808]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
    "Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 738776]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-17 407632]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
    .
    c:\documents and settings\Jmiller.EKSTROM\Start Menu\Programs\Startup\
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-6 50688]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
    2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
    R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 2:16 PM 93960]
    R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
    R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/20/2010 1:46 PM 55016]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/1/2010 3:15 PM 136176]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [1/26/2009 2:07 PM 16512]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 12:58 PM 11336]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 6:00 PM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
    .
    2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-01 19:15]
    .
    2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-01 19:15]
    .
    2011-03-23 c:\windows\Tasks\User_Feed_Synchronization-{A8848465-9B1F-4E9C-8EF8-E8AA781D51C8}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = ftp://FTP.BROOKSUPG.COM/
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    Trusted Zone: delta.com\www
    Trusted Zone: ekstrom-metering.com\mail
    Trusted Zone: go.com\r.espn
    Trusted Zone: yahoo.com\login
    DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} - hxxps://ejb-dwhs.ejbrooks.com:444/viewer10/ActiveXControls/activexviewer.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://35.8.108.139/activex/AMC.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-03-23 08:10
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(696)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
    c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
    c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
    .
    - - - - - - - > 'explorer.exe'(3944)
    c:\windows\system32\WININET.dll
    c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
    c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
    c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\CA\SharedComponents\iTechnology\igateway.exe
    c:\program files\CA\eTrustITM\InoRpc.exe
    c:\program files\CA\eTrustITM\InoRT.exe
    c:\program files\CA\eTrustITM\InoTask.exe
    c:\program files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\windows\system32\StacSV.exe
    c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    c:\program files\CA\eTrustITM\ppcl.exe
    c:\program files\CA\eTrustITM\ppcl.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Apoint\ApMsgFwd.exe
    c:\program files\Apoint\HidFind.exe
    c:\program files\Apoint\Apntex.exe
    c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-23 08:19:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-23 12:19
    ComboFix2.txt 2010-08-24 17:41
    ComboFix3.txt 2010-07-01 14:51
    .
    Pre-Run: 43,104,333,824 bytes free
    Post-Run: 43,108,712,448 bytes free
    .
    - - End Of File - - FD227E6405297D401FE7AF76AD302B4F
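As an added example (not part of the thread, and not ComboFix's or any helper's code), here are the checks a log reviewer makes by eye on the ComboFix output above, written as a small Python script run over a constructed excerpt of that log; the P2P executable list and the severity labels are this script's own assumptions.

```python
import re

# Constructed excerpt: paths and values copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://35.8.108.139/activex/AMC.cab
"""

# Executable-name fragments of common P2P clients (assumption: a reviewer's
# own list, not anything ComboFix ships).
P2P_CLIENTS = ("utorrent", "bittorrent", "limewire", "frostwire", "ares",
               "emule", "edonkey", "bearshare", "morpheus", "kazaa")

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_reg_sections(text):
    """Group '"name"=value' lines under their preceding [key] header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix closes each block with a lone '.'
            current = None
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def dword_value(line):
    """Integer of a '"name"=dword:0000000N' line, or None if not a DWORD."""
    m = re.search(r"=\s*dword:([0-9a-fA-F]+)", line)
    return int(m.group(1), 16) if m else None


def triage(text):
    """Return (severity, message) findings; severities are this script's own."""
    findings = []
    for key, values in parse_reg_sections(text).items():
        k = key.lower()
        if "security center\\monitoring" in k:
            # Security Center told to stop monitoring the installed AV product.
            for v in values:
                if v.lower().startswith('"disablemonitoring"') and dword_value(v):
                    findings.append(("HIGH", "Security Center monitoring disabled for " + key.rsplit("\\", 1)[-1]))
        elif k.endswith("firewallpolicy\\standardprofile"):
            for v in values:
                if v.lower().startswith('"enablefirewall"') and re.search(r"=\s*0\b", v):
                    findings.append(("HIGH", "Windows Firewall disabled (standard profile)"))
        elif k.endswith("authorizedapplications\\list"):
            # Programs allowed inbound through the firewall; ComboFix doubles the
            # backslashes, so undo that before taking the basename.
            for v in values:
                m = re.match(r'"(.+?)"=', v)
                exe = m.group(1).replace("\\\\", "\\").rsplit("\\", 1)[-1].lower() if m else ""
                if any(p in exe for p in P2P_CLIENTS):
                    findings.append(("MEDIUM", "P2P client allowed through firewall: " + exe))
        elif k.endswith("globallyopenports\\list"):
            for v in values:
                m = re.match(r'"(\d+):(TCP|UDP)"', v, re.I)
                if m:
                    port, proto = int(m.group(1)), m.group(2).upper()
                    label = " (RDP)" if port == 3389 else ""
                    findings.append(("MEDIUM", f"Port {port}/{proto} open to all sources{label}"))
    # DPF lines are ActiveX controls IE downloaded; a bare IP as the source
    # deserves a second look even when the control turns out to be benign.
    for m in re.finditer(r"^DPF:\s*\{([0-9A-Fa-f-]+)\}\s*-\s*hxxps?://([^/\s]+)", text, re.M):
        host = m.group(2).split(":")[0]
        if IPV4.match(host):
            findings.append(("LOW", f"ActiveX control {{{m.group(1)}}} fetched from bare IP {host}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```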

  7. #7
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,178
    Points
    89
    Blog Entries
    4

    Default

    Hello again sparty2qp


    P2P (File Sharing) Warning!

    P2P file sharing: >>> Know the risks <<<


    Going over your logs I noticed that you have been using P2P programs!!!

    Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Ares, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

    Once upon a time, P2P file sharing was fairly safe. That is no longer true.
    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    There are some very good reasons for this, and they are for your protection:


    From a security standpoint, P2P forms a direct connection into your computer and circumvents or bypasses most security, Anti-Malware and firewall software or hardware.

    Any type of security on these programs is poor at best and non-existent on some; this could lead to Malware being downloaded into your computer without your knowledge.

    Additionally, in cases where the program has not been configured correctly, a lot more than your music files have finished up being shared with others.

    Passwords, PIN numbers, bank accounts, and other personal details have been harvested by the unscrupulous for their own gain at your expense.

    Have a read of the below article to see where that happened:

    Update: Seattle man arrested for p-to-p ID theft | InfoWorld | News | 2007-09-06 | By Robert McMillan, IDG News Service


    Are You Leaking Your "State Secrets" Over P2P?

    Peer-to-peer file sharing, or P2P, has become enormously popular because it allows users to easily exchange music and video files over the Internet. Tens of millions of people use P2P applications such as Limewire, eDonkey and BearShare to fill their MP3 players and hard drives with all the music and movies they want, all for free. But even "free" has a cost.

    In addition to violating copyright laws, there are other potential dangers when downloading files via P2P. For instance, hackers know that source files on P2P networks are not being validated, so it's easy to trick you into downloading a virus or spyware instead of the Justin Bieber video you thought you were getting.

    The other major issue is the simple fact that P2P programs share your data with all of the other P2P users in cyberspace. Because of this, there is a good chance you might unknowingly share your most precious and private data with the rest of the world. During installation P2P programs scan your hard drive, looking for files to share. If you do not exercise caution, your entire hard drive, including any confidential documents it may contain, could be left wide open for anyone to access. Think about the files you have on your PC right now. Are you storing documents that have your passwords, Social Security number, or bank account information? If you have P2P software on your PC, you could be targeted for identity theft.

    A criminal hacker can locate sensitive information on other P2P users' PCs by performing a quick search for a few keywords: "passwords," "taxes," "banking," etc. The search turns up documents that the hacker can download. It's that simple.

    Digging through P2P networks for my own research, I've uncovered tax returns, student loan applications, credit reports, and Social Security numbers. I've found love letters, private photos, videos, and just about anything else that can be saved as a digital file. P2P networks have even exposed details on a U.S. Secret Service safe house for the president and his family, and revealed blueprints for President Obama's private helicopter. While you probably don't have state secrets stored on your PC, you should still take care to keep your sensitive files safe.

    Here are some tips to protect you from accidentally sharing data on a P2P network:

    * The smartest way to stay safe is not to install P2P software on your computer in the first place
    * If you think a family member may have installed P2P software on their computer, check for new, unfamiliar applications. A look at your "All Programs Menu" will show nearly every program on your computer. If you see one you don't recognize, do an online search to see if it is a P2P application
    * Set administrative privileges on your computer to prevent the installation of new software without your knowledge
    * Use comprehensive security software such as McAfee® Total Protection and keep it up to date
    * Make sure your firewall is enabled, and if an application asks you to change your settings to enable access to the Internet, don't allow it

    To protect your identity, use McAfee Identity Protection which continually monitors your information and works to proactively protect you and will be there to assist you in the event that your identity is compromised.

    P2P file sharing can be tempting, but in most cases, the costly dangers just aren't worth it.

    Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

    It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


    Please carefully follow my next set of steps:

    Step 1.

    Update Adobe Reader

    Adobe Reader X secures itself by playing in the sandbox

    Vulnerabilities in Adobe Reader have been a common target for hackers and malware distributors attempting to gain access to your computer. On November 18th, Adobe released Adobe Reader X, which incorporates sandbox technology to protect your computer from unknown vulnerabilities that may be discovered in the future.

    This new sandbox feature is named Adobe Reader Protected Mode and it is enabled by default when you install the new Adobe Reader X. When enabled, all operations that Adobe Reader uses to display a PDF document will be run in a restricted and confined environment called a Sandbox. It is important to note that sandboxing an application is more secure when that application is run under Windows Vista or Windows 7, as they support integrity levels.

    This sandbox will help to prevent future vulnerabilities that may allow malicious PDF documents that are opened by Adobe Reader to access the configuration and file structure of your computer. That means that the malicious PDF will no longer be able to install malware, change registry settings, or create files on your computer.

    Unfortunately, when you install Adobe Reader X it will reset any configuration settings that you used in the past to secure Reader. Therefore, after installing Adobe Reader X make sure you do the following steps:

    Disable Javascript - When the program is open, click on Edit and select Preferences. Then click on the Javascript category and uncheck Enable Acrobat Javascript.

    Disable Windows Trusted Sites - When the program is open, click on Edit and select Preferences. Then click on the Security (Enhanced) category and uncheck Automatically trust sites from my Win OS security zones.

    Secure Trust Manager - When the program is open, click on Edit and select Preferences. Then click on the Trust Manager category and uncheck Allow opening of non-PDF file attachments with external applications.

    As long as you secure Reader again after installing Reader X, it is suggested that all users uninstall their previous versions of this program and immediately install Adobe Reader X. Not only will this protect you from any current vulnerabilities, but will also protect you from any future ones. That is until the malware developers learn how to bypass this new feature. For now, though, if you plan on using Adobe Reader, then there is no excuse not to install Adobe Reader X.
    Posted: By Lawrence Abrams.


    Earlier versions of Adobe Reader have known security flaws. It is strongly recommended that you update your copy.
    • Go to Start > Control Panel > Add/Remove Programs or Programs and Features in Vista/win7
    • Remove ALL instances of Adobe Reader
    • Re-boot your computer as required.
    • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader.


    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.


    Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >>here<<. Foxit Reader has fewer add-ons and therefore loads more quickly.

    NOTE: When installing Foxit Reader, be careful not to install anything to do with AskBar.


    Step 2.

    • Download: >>> OTL by Old Timer <<< to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check

    • Now copy the lines below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      CREATERESTOREPOINT


    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


    • Click the Run Scan button.


    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

    =========

    Regards
    Net_Surfer

  8. #8
    Member
    Join Date
    Apr 2010
    Posts
    21
    Points
    0

    Default

    Uninstalled P2P
    Uninstalled Acrobat Reader
    Installed Reader X
    Ran OTL

    OTL.Txt

    OTL logfile created on: 3/24/2011 3:43:42 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jmiller.EKSTROM\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.69 Gb Total Space | 40.47 Gb Free Space | 36.23% Space Free | Partition Type: NTFS

    Computer Name: PRODUCTMAN01 | User Name: Jmiller | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Jmiller.EKSTROM\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\CA\eTrustITM\InoTask.exe (CA)
    PRC - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe (CA, Inc.)
    PRC - C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)
    PRC - C:\Program Files\CA\eTrustITM\InoRPC.exe (CA)
    PRC - C:\Program Files\CA\eTrustITM\InoRT.exe (CA)
    PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    PRC - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe (Sling Media Inc.)
    PRC - C:\Program Files\Secunia\PSI\psi.exe (Secunia)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
    PRC - C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
    PRC - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
    PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
    PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
    PRC - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe (CA, Inc.)
    PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\CA\eTrustITM\Realmon.exe (CA)
    PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
    PRC - C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
    PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Jmiller.EKSTROM\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\hccutils.dll (Intel Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
    SRV - (InoTask) -- C:\Program Files\CA\eTrustITM\InoTask.exe (CA)
    SRV - (ITMRTSVC) -- C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe (CA, Inc.)
    SRV - (XobniService) -- C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)
    SRV - (InoRPC) -- C:\Program Files\CA\eTrustITM\InoRpc.exe (CA)
    SRV - (InoRT) -- C:\Program Files\CA\eTrustITM\InoRT.exe (CA)
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (SlingAgentService) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe (Sling Media Inc.)
    SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
    SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
    SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
    SRV - (WaveEnrollmentService) -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe (Wave Systems Corp.)
    SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
    SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
    SRV - (iGateway) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe (CA, Inc.)
    SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
    DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
    DRV - (INO_FLTR) -- C:\WINDOWS\system32\drivers\ino_fltr.sys (Computer Associates)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
    DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)
    DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
    DRV - (WaveFDE) -- C:\WINDOWS\system32\drivers\WaveFDE.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (INO_FLPY) -- C:\WINDOWS\system32\Drivers\ino_flpy.sys (Computer Associates)
    DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
    DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
    DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
    DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
    DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
    DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
    DRV - (DXEC01) -- C:\WINDOWS\system32\drivers\dxec01.sys (Knowles Acoustics)
    DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
    DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080806
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080806

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://streak.espn.go.com/en/"
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: fontfinder@bendodson.com:1.0
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
    FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
    FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.3
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"



    [2010/04/07 12:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\Mozilla\Extensions
    [2011/03/21 07:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\Mozilla\Firefox\Profiles\vcjdi4ao.default\extensions
    [2010/06/24 11:09:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\Mozilla\Firefox\Profiles\vcjdi4ao.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/06/24 11:09:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\Mozilla\Firefox\Profiles\vcjdi4ao.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/03/21 07:47:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\Mozilla\Firefox\Profiles\vcjdi4ao.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/04/07 12:46:53 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\Mozilla\Firefox\Profiles\vcjdi4ao.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2011/03/15 20:36:45 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\Mozilla\Firefox\Profiles\vcjdi4ao.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    [2010/04/07 12:46:53 | 000,000,000 | ---D | M] (Font Finder) -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\Mozilla\Firefox\Profiles\vcjdi4ao.default\extensions\fontfinder@bendodson.com
    [2011/03/21 12:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/26 15:00:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/11/10 09:47:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2009/11/24 21:16:27 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\JMILLER.EKSTROM\APPLICATION DATA\MOVE NETWORKS
    File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
    [2011/03/21 12:56:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    File not found (No name found) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
    [2010/11/10 09:46:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/03/23 08:10:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - No CLSID value found.
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrustITM\realmon.exe (CA)
    O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
    O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
    O4 - HKCU..\Run: [CAHeadless] C:\Program Files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [PhotoshopElements8SyncAgent] C:\Program Files\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    O4 - Startup: C:\Documents and Settings\Jmiller.EKSTROM\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: delta.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ekstrom-metering.com ([mail] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: go.com ([r.espn] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsof...?1263579131491 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1263579118101 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} https://ejb-dwhs.ejbrooks.com:444/vi...ivexviewer.cab (Crystal ActiveX Report Viewer Control 10.0)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activ...eX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab...l_4.3.13.0.cab (SysInfo Class)
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://35.8.108.139/activex/AMC.cab (AxisMediaControlEmb Class)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://brooksutilityproducts.webex....ex/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ekstrom.com
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
    O24 - Desktop WallPaper: C:\Documents and Settings\Jmiller.EKSTROM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jmiller.EKSTROM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56590081070202880)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/24 15:37:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jmiller.EKSTROM\Desktop\OTL.exe
    [2011/03/24 15:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jmiller.EKSTROM\Local Settings\Application Data\Temp
    [2011/03/24 15:30:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
    [2011/03/24 06:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2011/03/24 06:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2011/03/24 06:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
    [2011/03/24 06:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2011/03/24 06:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
    [2011/03/24 06:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2011/03/23 09:16:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/03/21 12:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/03/21 12:56:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/03/21 12:56:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/03/21 12:56:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/03/21 12:56:25 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/03/15 20:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
    [2011/03/15 20:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
    [2011/03/14 13:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jmiller.EKSTROM\My Documents\New Folder
    [2011/03/09 14:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jmiller.EKSTROM\My Documents\UL
    [2011/03/07 11:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\freestar
    [2011/03/07 11:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jmiller.EKSTROM\Start Menu\Programs\freestar
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/24 15:37:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jmiller.EKSTROM\Desktop\OTL.exe
    [2011/03/24 15:25:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/24 13:25:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/24 12:52:44 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A8848465-9B1F-4E9C-8EF8-E8AA781D51C8}.job
    [2011/03/24 06:50:53 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/03/24 06:42:46 | 000,447,006 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/24 06:42:46 | 000,074,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/03/24 06:39:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jmiller.EKSTROM\Local Settings\Application Data\WavXMapDrive.bat
    [2011/03/24 06:38:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/24 06:37:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/03/24 06:37:52 | 2136,965,120 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/24 06:37:52 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/03/24 06:22:44 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    [2011/03/24 06:22:44 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2011/03/23 20:12:37 | 000,036,953 | ---- | M] () -- C:\Documents and Settings\Jmiller.EKSTROM\My Documents\CMP_letter.pdf
    [2011/03/23 08:10:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/03/22 16:57:57 | 000,001,834 | -H-- | M] () -- C:\Documents and Settings\Jmiller.EKSTROM\My Documents\Default.rdp
    [2011/03/21 20:54:30 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\Jmiller.EKSTROM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/21 12:56:02 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/03/21 12:56:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/03/21 12:56:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/03/21 12:56:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/03/21 12:56:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/03/19 16:59:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/03/15 20:42:29 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
    [2011/03/14 11:34:57 | 000,029,906 | ---- | M] () -- C:\Documents and Settings\Jmiller.EKSTROM\My Documents\3111-T REV-1.pdf
    [2011/03/14 07:23:47 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\Jmiller.EKSTROM\Desktop\Shortcut to MD products.lnk
    [2011/03/09 10:22:47 | 000,001,573 | ---- | M] () -- C:\Documents and Settings\Jmiller.EKSTROM\Desktop\Remote Desktop Connection.lnk
    [2011/03/09 08:26:37 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/03/07 11:52:38 | 002,151,200 | ---- | M] () -- C:\VN-20110307-00001.mp3
    [2011/03/07 11:49:15 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\Jmiller.EKSTROM\Desktop\FreeStar AMR MP3 Converter.lnk
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/24 06:50:53 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/03/24 06:50:53 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/03/24 06:22:44 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    [2011/03/24 06:22:44 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2011/03/23 20:12:37 | 000,036,953 | ---- | C] () -- C:\Documents and Settings\Jmiller.EKSTROM\My Documents\CMP_letter.pdf
    [2011/03/15 20:42:29 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
    [2011/03/14 11:34:57 | 000,029,906 | ---- | C] () -- C:\Documents and Settings\Jmiller.EKSTROM\My Documents\3111-T REV-1.pdf
    [2011/03/14 07:24:00 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\Jmiller.EKSTROM\Desktop\Shortcut to MD products.lnk
    [2011/03/07 11:52:35 | 002,151,200 | ---- | C] () -- C:\VN-20110307-00001.mp3
    [2011/03/07 11:49:15 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\Jmiller.EKSTROM\Desktop\FreeStar AMR MP3 Converter.lnk
    [2010/11/18 16:08:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2010/10/08 16:32:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/09/13 21:17:20 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2010/09/07 12:36:08 | 000,009,971 | ---- | C] () -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\Comma Separated Values (DOS).CAL
    [2010/07/01 10:32:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/07/01 10:32:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/07/01 10:32:30 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/07/01 10:32:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/07/01 10:32:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/07/01 05:57:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/07 12:41:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/04/06 10:08:09 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jburalepinubesi.dat
    [2010/04/06 10:08:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twekuxeruxile.bin
    [2010/04/06 10:04:22 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
    [2010/02/26 16:12:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/06/19 22:21:37 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
    [2008/11/17 10:59:50 | 000,009,975 | ---- | C] () -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\Comma Separated Values (Windows).CAL
    [2008/10/02 14:07:51 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw43.bin
    [2008/08/28 10:45:35 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\Jmiller.EKSTROM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/08/27 14:36:21 | 000,000,113 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/08/27 14:05:17 | 000,000,212 | ---- | C] () -- C:\WINDOWS\pltalert.ini
    [2008/08/27 14:04:14 | 000,000,141 | ---- | C] () -- C:\WINDOWS\DiagMan.ini
    [2008/08/27 14:03:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\tslv.dll
    [2008/08/27 14:03:23 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\exportmodeller.dll
    [2008/08/27 14:03:23 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
    [2008/08/27 14:03:23 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
    [2008/08/25 11:00:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jmiller.EKSTROM\Local Settings\Application Data\WavXMapDrive.bat
    [2008/08/06 15:07:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/08/06 14:50:45 | 000,000,306 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/08/06 14:45:55 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2008/08/06 14:45:54 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2008/08/06 14:45:53 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2008/08/06 14:38:50 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
    [2008/08/06 14:36:15 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
    [2008/08/06 14:36:15 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
    [2008/08/06 14:05:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
    [2008/08/06 14:05:55 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2008/08/06 14:05:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
    [2008/08/06 14:04:21 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2007/09/13 15:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
    [2007/09/13 15:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
    [2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
    [2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
    [2007/09/13 15:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
    [2007/09/13 15:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
    [2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
    [2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
    [2007/09/13 15:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
    [2007/09/13 15:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
    [2007/09/13 15:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
    [2007/09/13 15:32:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\CacheFP.exe
    [2007/09/12 16:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
    [2007/09/12 16:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
    [2007/09/12 16:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
    [2007/09/12 16:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
    [2007/09/12 16:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
    [2007/09/12 16:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
    [2007/09/12 16:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
    [2007/09/12 16:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
    [2007/09/12 16:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
    [2007/09/12 16:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
    [2007/09/10 10:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
    [2007/06/15 11:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
    [2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
    [2006/06/12 09:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
    [2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
    [2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
    [2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/11 18:06:43 | 000,274,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/11 18:00:45 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2004/08/11 18:00:45 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2004/08/11 18:00:45 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2004/08/11 18:00:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2004/08/11 18:00:45 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
    [2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/11 18:00:28 | 000,447,006 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/11 18:00:28 | 000,074,046 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2001/02/22 15:08:00 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\p2solap.dll
    [2000/04/20 13:14:00 | 000,031,785 | ---- | C] () -- C:\WINDOWS\System32\UFLJUL.DLL
    [2000/04/20 13:14:00 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\U2LJUL.DLL
    [2000/01/07 04:15:00 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\p2molap.dll
    [1999/12/10 03:17:00 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\p2smcube.dll
    [1998/12/31 11:19:00 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\u2lpsql.dll

    ========== LOP Check ==========

    [2010/11/18 16:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlazeVideo
    [2009/12/02 13:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2009/12/04 12:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
    [2008/08/06 14:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
    [2010/10/27 19:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2008/08/28 18:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sling Media
    [2010/02/18 14:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2010/09/29 09:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/04/26 14:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2008/08/06 14:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
    [2010/05/08 17:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/04/28 07:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2008/11/17 17:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\EPSON
    [2009/12/04 12:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\FileOpen
    [2009/12/02 12:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\No Company Name
    [2010/09/28 15:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
    [2010/09/13 21:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\Research In Motion
    [2008/12/22 12:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\Snapfish
    [2011/03/24 06:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\uTorrent
    [2010/04/26 12:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\Wave Systems Corp
    [2010/08/26 11:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jmiller.EKSTROM\Application Data\webex
    [2011/03/24 12:52:44 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A8848465-9B1F-4E9C-8EF8-E8AA781D51C8}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
    [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2009/07/07 10:13:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2009/07/07 10:13:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
    [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
    [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2009/07/07 10:13:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2009/07/07 10:13:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
    [2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
    [2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
    [2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
    [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >


    Extras.Txt

    OTL Extras logfile created on: 3/24/2011 3:43:42 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jmiller.EKSTROM\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.69 Gb Total Space | 40.47 Gb Free Space | 36.23% Space Free | Partition Type: NTFS

    Computer Name: PRODUCTMAN01 | User Name: Jmiller | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*isabled:Windows Remote Management
    "80:TCP" = 80:TCP:*isabled:Windows Remote Management - Compatibility Mode (HTTP-In)
    "4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
    "4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
    "4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
    "4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
    "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
    "C:\Documents and Settings\Jmiller.EKSTROM\Desktop\utorrent.exe" = C:\Documents and Settings\Jmiller.EKSTROM\Desktop\utorrent.exe:*:Enabled:µTorrent
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "c:\documents and settings\jmiller.ekstrom\local settings\application data\asam.exe" = c:\documents and settings\jmiller.ekstrom\local settings\application data\asam.exe:*:Enabled:enable
    "C:\WINDOWS\instsrv.exe" = C:\WINDOWS\instsrv.exe:*:Enabled:eTrust Antivirus Remote Installation Program
    "C:\Program Files\CA\eTrustITM\InoRpc.exe" = C:\Program Files\CA\eTrustITM\InoRpc.exe:*:Enabled:eTrust ITM - RPC Service -- (CA)
    "C:\Program Files\CA\eTrustITM\Realmon.exe" = C:\Program Files\CA\eTrustITM\Realmon.exe:*:Enabled:eTrust ITM - Realtime monitor -- (CA)
    "C:\Program Files\CA\eTrustITM\Shellscn.exe" = C:\Program Files\CA\eTrustITM\Shellscn.exe:*:Enabled:eTrust ITM - Shell Scanner -- (CA)
    "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
    "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{107558C8-458B-45EA-A0FE-7CC10D687DB6}" = CA eTrustITM Agent
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
    "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel
    "{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
    "{4DF579D1-3B63-4F06-AB27-E95C3F5484C3}" = ISGI BoltOn Application
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
    "{519718D0-408F-11D4-B827-00805F2A1965}" = VBA (2720)
    "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
    "{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{847501DF-07C0-4691-B04A-893929F108AE}" = CA iTechnology iGateway
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
    "{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
    "{C21C30F2-521C-4F86-882E-60CDCE615FBD}" = Intel(R) IPP Run-Time Installer 5.3 for Windows* on IA-32
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser
    "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
    "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
    "{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
    "{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
    "{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
    "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
    "{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
    "{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
    "{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AXIS Media Control Embedded" = AXIS Media Control Embedded
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
    "BlazeDVD 6.0_is1" = BlazeDVD 6.0
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "eBackOffice 7.2 (Client)" = eBackOffice 7.2 (Client)
    "EPSON Scanner" = EPSON Scan
    "ESET Online Scanner" = ESET Online Scanner v3
    "FLAC" = FLAC 1.2.1b (remove only)
    "FLV Player" = FLV Player 2.0 (build 25)
    "FreeStar Free AMR MP3 Converter" = FreeStar Free AMR MP3 Converter 1.0.4
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
    "InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
    "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
    "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Standard)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "PremElem80" = Adobe Premiere Elements 8.0
    "Secunia PSI" = Secunia PSI
    "Service Pack 5" = Service Pack 5
    "SMALLBUSINESSR" = Microsoft Office Small Business 2007
    "SpywareBlaster_is1" = SpywareBlaster 4.3
    "Veetle TV" = Veetle TV 0.9.18
    "WAV to MP3 Encoder" = WAV to MP3 Encoder
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XobniMain" = Xobni
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/23/2011 7:26:11 PM | Computer Name = PRODUCTMAN01 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6337625

    Error - 3/23/2011 7:41:44 PM | Computer Name = PRODUCTMAN01 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/23/2011 7:41:45 PM | Computer Name = PRODUCTMAN01 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7271063

    Error - 3/23/2011 7:41:45 PM | Computer Name = PRODUCTMAN01 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7271063

    Error - 3/24/2011 12:08:48 AM | Computer Name = PRODUCTMAN01 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 3/24/2011 6:37:58 AM | Computer Name = PRODUCTMAN01 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 3/24/2011 6:37:58 AM | Computer Name = PRODUCTMAN01 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 3/24/2011 6:38:17 AM | Computer Name = PRODUCTMAN01 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 3/24/2011 6:38:24 AM | Computer Name = PRODUCTMAN01 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
    Description =

    Error - 3/24/2011 2:37:58 PM | Computer Name = PRODUCTMAN01 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    [ OSession Events ]
    Error - 1/20/2009 10:44:27 AM | Computer Name = PRODUCTMAN01 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2488
    seconds with 240 seconds of active time. This session ended with a crash.

    Error - 4/19/2009 8:11:48 PM | Computer Name = PRODUCTMAN01 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
    lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/10/2011 10:55:21 AM | Computer Name = PRODUCTMAN01 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8631
    seconds with 1260 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 3/24/2011 3:27:09 AM | Computer Name = PRODUCTMAN01 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 479 minutes. NtpClient has no source of accurate
    time.

    Error - 3/24/2011 6:36:43 AM | Computer Name = PRODUCTMAN01 | Source = DCOM | ID = 10010
    Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
    with DCOM within the required timeout.

    Error - 3/24/2011 6:37:58 AM | Computer Name = PRODUCTMAN01 | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain EKSTROM due to the following:
    %%1311. Make sure that the computer is connected to the network and try again. If
    the problem persists, please contact your domain administrator.

    Error - 3/24/2011 6:38:43 AM | Computer Name = PRODUCTMAN01 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 3/24/2011 6:53:54 AM | Computer Name = PRODUCTMAN01 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 29 minutes. NtpClient has no source of accurate
    time.

    Error - 3/24/2011 7:23:54 AM | Computer Name = PRODUCTMAN01 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 59 minutes. NtpClient has no source of accurate
    time.

    Error - 3/24/2011 8:23:55 AM | Computer Name = PRODUCTMAN01 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 119 minutes. NtpClient has no source of accurate
    time.

    Error - 3/24/2011 10:23:56 AM | Computer Name = PRODUCTMAN01 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 239 minutes. NtpClient has no source of accurate
    time.

    Error - 3/24/2011 1:40:16 PM | Computer Name = PRODUCTMAN01 | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain EKSTROM due to the following:
    %%1311. Make sure that the computer is connected to the network and try again. If
    the problem persists, please contact your domain administrator.

    Error - 3/24/2011 2:23:55 PM | Computer Name = PRODUCTMAN01 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 479 minutes. NtpClient has no source of accurate
    time.


    < End of report >

  9. #9
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,178
    Points
    89
    Blog Entries
    4

    Default

    Hello again

    You have Spybot TeaTimer installed on your system and it may interfere with the fixing... Please disable TeaTimer or have it allow the changes from the tools we use.

    Step 1.

    Let's fix some issues with OTL by doing the following:

    Double click on the Icon at your desktop to run it.
    (Vista users right click and run as an Admin.)
    Copy the lines in the codebox below (make sure that :Otl is on the first line): just highlight everything in the code box (starting with :Otl) and copy and paste it into the 'Custom scan/fix' box on OTL.
    Code:
    :otl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - No CLSID value found.
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O15 - HKCU\..Trusted Domains: delta.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ekstrom-metering.com ([mail] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: go.com ([r.espn] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    
    
    :Files
    ipconfig /flushdns /c
    %systemroot%\prefetch\*.*
    
    :commands
    [PURITY]
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [REBOOT]
    • Return to OTL.
    • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


    • Click the red Run Fix button.

    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.


    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles


    Step 2.

    We should Re-run MBAM like this:

    Let's get your MalwareBytes AntiMalware updated and run a final scan:

    Please update MBAM and run another scan:
    • Start MBAM.
    • Click on the Update tab.
    • Click Check for Updates.
    • If it says that MBAM needs to close to update it, let it close and then restart it.
    • Then click the Scan button.

    Don't forget:
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    Post the report that comes up after the scan.

    Step 3.

    Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
    Therefore, by using the ESET online scanner it is possible for us to find leftover or missed malware files on your computer, and we can now further clean up your computer.

    You can use either Internet Explorer or Mozilla FireFox for this scan.
    NOTE: This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
    To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    NOTE: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
    If you did not save the ESETScan log, click Start > Run..., then type or copy and paste everything inside the code box below into the Open dialogue box:

    Code:
    C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Click Ok and the scan results will open in Notepad.
    • Copy and paste the contents of log.txt in your next reply.


    In some instances if no malware is found there will be no log produced.

    Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
    ~~~~~~~~~~~~~
    Note:
    *If you are running a 64bit system:
    The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.

    Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    Summary of the logs I will need in your next reply:
    • The report log of OTL
    • The report log of Malwarebytes
    • The report log of Eset Online Scan.

    And a description of any remaining problems.

    How are things at your end?


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

    Kind regards
    Net_Surfer


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!
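    The OTL fix in Step 1 above deletes orphaned BHO entries (CLSIDs that resolve to "No CLSID value found"), per-host entries under ZoneMap\Domains that place sites in the Trusted or Local intranet zone, and the HKCU ProxyEnable/ProxyOverride values. The following read-only PowerShell audit is an added example, not code from this thread or from OTL, that lists those same locations so the state can be compared before and after such a fix. It assumes a Windows host with PowerShell and, for the HKLM BHO key, an elevated prompt; it changes nothing.

```powershell
# Added example (not from the thread): read-only audit of the registry
# locations the OTL fix above touches. Nothing is modified; review the
# output, then decide what to clean. Run from an elevated PowerShell prompt
# so that the HKLM BHO key is readable.

function Get-OrphanedBho {
    # A BHO registration whose CLSID has no HKCR\CLSID key cannot load;
    # these are the "No CLSID value found" leftovers the OTL fix removes.
    $bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoRoot)) { return @() }
    Get-ChildItem $bhoRoot | ForEach-Object {
        $clsid    = $_.PSChildName
        $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $name = $null; $dll = $null
        if (Test-Path $clsidKey) {
            $name = (Get-ItemProperty $clsidKey -ErrorAction SilentlyContinue).'(default)'
            $dll  = (Get-ItemProperty "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        }
        [pscustomobject]@{
            CLSID    = $clsid
            Name     = $name
            Dll      = $dll
            Orphaned = -not (Test-Path $clsidKey)   # True = same state OTL reports
        }
    }
}

function Get-ZoneMapDomains {
    # ZoneMap\Domains\<domain>\<host> holds one value per scheme whose data
    # is the zone number: 1 = Local intranet, 2 = Trusted sites,
    # 3 = Internet, 4 = Restricted sites.
    $zoneRoot = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if (-not (Test-Path $zoneRoot)) { return @() }
    Get-ChildItem $zoneRoot -Recurse | ForEach-Object {
        $key   = $_
        $props = Get-ItemProperty $key.PSPath
        foreach ($scheme in @('http', 'https', '*')) {
            $zone = $props.$scheme
            if ($null -ne $zone) {
                [pscustomobject]@{
                    Entry  = $key.PSPath -replace '^.*\\Domains\\', ''
                    Scheme = $scheme
                    Zone   = $zone
                }
            }
        }
    }
}

function Get-ProxySettings {
    # ProxyEnable = 1 with an unexpected ProxyServer or AutoConfigURL is the
    # classic sign of traffic being redirected through a third party.
    $p = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        ProxyOverride = $p.ProxyOverride
        AutoConfigURL = $p.AutoConfigURL
    }
}

'== Browser Helper Objects (HKLM) =='
Get-OrphanedBho | Format-Table -AutoSize
'== ZoneMap domain entries (HKCU) =='
Get-ZoneMapDomains | Format-Table -AutoSize
'== Proxy settings (HKCU) =='
Get-ProxySettings | Format-List
```

    Run it once before the fix and once after, and compare the two outputs: an Orphaned = True row corresponds to OTL's "No CLSID value found" line, and a ZoneMap row with Zone = 2 corresponds to the "https in Trusted sites" lines that the fix removes.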

  10. #10
    Member
    Join Date
    Apr 2010
    Posts
    21
    Points
    0

    Default

    Net_Surfer. Thank you so much for the help. The machine seems to be running fine and is much faster once I got past the ComboFix step. I do realize that items can stick around and if you don't clear all traces, can regenerate, so I appreciate the help.

    When doing the most recent OTL scan, the program got past establishing the system restore point and the program had the message "Processing Complete!" at the bottom, but I did have to manually reboot the machine as the program stalled or my machine resisted.

    Here are the log files you requested.

    OTL

    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
    Prefs.js: "*.local" removed from network.proxy.no_proxies_on
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\delta.com\www\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ekstrom-metering.com\mail\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\go.com\r.espn\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\login\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Jmiller.EKSTROM\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Jmiller.EKSTROM\Desktop\cmd.txt deleted successfully.
    C:\WINDOWS\prefetch\ACROBAT.EXE-3640FEA1.pf moved successfully.
    C:\WINDOWS\prefetch\ACROBATINFO.EXE-16EC04E5.pf moved successfully.
    C:\WINDOWS\prefetch\ACRODIST.EXE-2B804A15.pf moved successfully.
    C:\WINDOWS\prefetch\ACRORD32.EXE-36E8F12E.pf moved successfully.
    C:\WINDOWS\prefetch\ADBERDR1001_EN_US.EXE-03376931.pf moved successfully.
    C:\WINDOWS\prefetch\ADOBE PREMIERE ELEMENTS 8.0.E-2CCED028.pf moved successfully.
    C:\WINDOWS\prefetch\ADOBE PREMIERE ELEMENTS.EXE-03F2620B.pf moved successfully.
    C:\WINDOWS\prefetch\ADOBEARM.EXE-00A55D68.pf moved successfully.
    C:\WINDOWS\prefetch\ADOBEA~1.EXE-115A7FDD.pf moved successfully.
    C:\WINDOWS\prefetch\ADOBEUPDATER.EXE-27A3E5C5.pf moved successfully.
    C:\WINDOWS\prefetch\ADOBE_UPDATER.EXE-36985884.pf moved successfully.
    C:\WINDOWS\prefetch\AIRAPPINSTALLER.EXE-18F1C69E.pf moved successfully.
    C:\WINDOWS\prefetch\ALG.EXE-275708CF.pf moved successfully.
    C:\WINDOWS\prefetch\APMSGFWD.EXE-09B0FDD0.pf moved successfully.
    C:\WINDOWS\prefetch\APNTEX.EXE-07D7E94A.pf moved successfully.
    C:\WINDOWS\prefetch\APOINT.EXE-03E36C22.pf moved successfully.
    C:\WINDOWS\prefetch\ARH.EXE-263BC81B.pf moved successfully.
    C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf moved successfully.
    C:\WINDOWS\prefetch\CSC.EXE-08AD7008.pf moved successfully.
    C:\WINDOWS\prefetch\CTFMON.EXE-05E57A5E.pf moved successfully.
    C:\WINDOWS\prefetch\CVTRES.EXE-1404C725.pf moved successfully.
    C:\WINDOWS\prefetch\DLG.EXE-332F77D1.pf moved successfully.
    C:\WINDOWS\prefetch\DLLHOST.EXE-474D72E6.pf moved successfully.
    C:\WINDOWS\prefetch\ELEMENTSAUTOANALYZER.EXE-3AF7CB9E.pf moved successfully.
    C:\WINDOWS\prefetch\ELEMENTSORGANIZERSYNCAGENT.EX-36F5C9F1.pf moved successfully.
    C:\WINDOWS\prefetch\ERADESKTOP.EXE-2264EFEF.pf moved successfully.
    C:\WINDOWS\prefetch\EREPORTS.EXE-2C7766F6.pf moved successfully.
    C:\WINDOWS\prefetch\EULA.EXE-20E4BEB2.pf moved successfully.
    C:\WINDOWS\prefetch\EXCEL.EXE-1FF53647.pf moved successfully.
    C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf moved successfully.
    C:\WINDOWS\prefetch\FIREFOX.EXE-01B8D025.pf moved successfully.
    C:\WINDOWS\prefetch\FNPLICENSINGSERVICE.EXE-1A7F4D94.pf moved successfully.
    C:\WINDOWS\prefetch\GETPLUSPLUS_ADOBE.EXE-3247B0F6.pf moved successfully.
    C:\WINDOWS\prefetch\GETPLUSPLUS_ADOBE_REG.EXE-1174FE00.pf moved successfully.
    C:\WINDOWS\prefetch\GETPLUSUNINST_ADOBE.EXE-070D2713.pf moved successfully.
    C:\WINDOWS\prefetch\GETPLUSUNINST_ADOBE.EXE-18678EE5.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-024AD864.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-0047A1C5.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-160E1F62.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLEUPDATERSERVICE.EXE-2F4A2F77.pf moved successfully.
    C:\WINDOWS\prefetch\GPUSNIFFER.EXE-13ED76C3.pf moved successfully.
    C:\WINDOWS\prefetch\HELPSVC.EXE-1C192440.pf moved successfully.
    C:\WINDOWS\prefetch\HKCMD.EXE-0F06AE14.pf moved successfully.
    C:\WINDOWS\prefetch\IEXPLORE.EXE-030260BF.pf moved successfully.
    C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf moved successfully.
    C:\WINDOWS\prefetch\IGFXPERS.EXE-19DA7B04.pf moved successfully.
    C:\WINDOWS\prefetch\IGFXSRVC.EXE-1D88F978.pf moved successfully.
    C:\WINDOWS\prefetch\IGFXTRAY.EXE-0A23D403.pf moved successfully.
    C:\WINDOWS\prefetch\IMAPI.EXE-201490BB.pf moved successfully.
    C:\WINDOWS\prefetch\INSTALLER.EXE-315B4CF3.pf moved successfully.
    C:\WINDOWS\prefetch\INSTALL_FLASH_PLAYER_AX.EXE-061E0721.pf moved successfully.
    C:\WINDOWS\prefetch\IPCONFIG.EXE-05D7908C.pf moved successfully.
    C:\WINDOWS\prefetch\IPODSERVICE.EXE-37043579.pf moved successfully.
    C:\WINDOWS\prefetch\ITMDIST.EXE-2E68E13E.pf moved successfully.
    C:\WINDOWS\prefetch\ITUNESHELPER.EXE-0A1B0F2C.pf moved successfully.
    C:\WINDOWS\prefetch\JUSCHED.EXE-0219AD6E.pf moved successfully.
    C:\WINDOWS\prefetch\Layout.ini moved successfully.
    C:\WINDOWS\prefetch\MCCHSVC.EXE-0416A7DE.pf moved successfully.
    C:\WINDOWS\prefetch\MOBILEMESERVICES.EXE-30816604.pf moved successfully.
    C:\WINDOWS\prefetch\MSDTC.EXE-1D9D8668.pf moved successfully.
    C:\WINDOWS\prefetch\MSFEEDSSYNC.EXE-05335A39.pf moved successfully.
    C:\WINDOWS\prefetch\MSIEXEC.EXE-330626DC.pf moved successfully.
    C:\WINDOWS\prefetch\NOTEPAD.EXE-2DAE2DE6.pf moved successfully.
    C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf moved successfully.
    C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
    C:\WINDOWS\prefetch\OFFLB.EXE-31CE4E6C.pf moved successfully.
    C:\WINDOWS\prefetch\OTL.EXE-178F0C5C.pf moved successfully.
    C:\WINDOWS\prefetch\OUTLOOK.EXE-2A55A16A.pf moved successfully.
    C:\WINDOWS\prefetch\PHOTOSHOPSERVER.EXE-24DED09F.pf moved successfully.
    C:\WINDOWS\prefetch\PHOTOSHOPSERVER.EXE-30D522E4.pf moved successfully.
    C:\WINDOWS\prefetch\PING.EXE-30F9CA9D.pf moved successfully.
    C:\WINDOWS\prefetch\PPCL.EXE-002159F4.pf moved successfully.
    C:\WINDOWS\prefetch\PSI.EXE-0C53B0E8.pf moved successfully.
    C:\WINDOWS\prefetch\QTTASK.EXE-1876A1A1.pf moved successfully.
    C:\WINDOWS\prefetch\REALMON.EXE-0A85DAEF.pf moved successfully.
    C:\WINDOWS\prefetch\REGEDIT.EXE-2AE3423E.pf moved successfully.
    C:\WINDOWS\prefetch\REGSVR32.EXE-396DEA2C.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-3B50A5F3.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-3C500167.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-4A183199.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-4FF9832D.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-5645E36A.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-7124943D.pf moved successfully.
    C:\WINDOWS\prefetch\SECUREUPGRADE.EXE-33223732.pf moved successfully.
    C:\WINDOWS\prefetch\SECURITYSCAN_RELEASE.EXE-392C7CED.pf moved successfully.
    C:\WINDOWS\prefetch\SETUP.EXE-0F2DB7AA.pf moved successfully.
    C:\WINDOWS\prefetch\SETUP.EXE-1AA02179.pf moved successfully.
    C:\WINDOWS\prefetch\SKYPENAMES2.EXE-00E0C37F.pf moved successfully.
    C:\WINDOWS\prefetch\SPOOLSV.EXE-3A613CE3.pf moved successfully.
    C:\WINDOWS\prefetch\SSSCHEDULER.EXE-38B304D2.pf moved successfully.
    C:\WINDOWS\prefetch\SSUPDATE.EXE-0AEC7754.pf moved successfully.
    C:\WINDOWS\prefetch\SUPERANTISPYWARE.EXE-28713C90.pf moved successfully.
    C:\WINDOWS\prefetch\SVCHOST.EXE-2D5FBD18.pf moved successfully.
    C:\WINDOWS\prefetch\SWDNLD.EXE-08C1FE61.pf moved successfully.
    C:\WINDOWS\prefetch\SWHELPER_1159620.EXE-0488D576.pf moved successfully.
    C:\WINDOWS\prefetch\TASKMGR.EXE-06144C13.pf moved successfully.
    C:\WINDOWS\prefetch\TEATIMER.EXE-0390E8A7.pf moved successfully.
    C:\WINDOWS\prefetch\UPDATE.EXE-0A7E9C69.pf moved successfully.
    C:\WINDOWS\prefetch\USERINIT.EXE-0743FDA9.pf moved successfully.
    C:\WINDOWS\prefetch\UTORRENT.EXE-01137797.pf moved successfully.
    C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf moved successfully.
    C:\WINDOWS\prefetch\WCDREGISTRATIONHEADLESS.EXE-0059AA4B.pf moved successfully.
    C:\WINDOWS\prefetch\WGATRAY.EXE-350D4455.pf moved successfully.
    C:\WINDOWS\prefetch\WINWORD.EXE-15ED065E.pf moved successfully.
    C:\WINDOWS\prefetch\WLTRAY.EXE-0D3A5A80.pf moved successfully.
    C:\WINDOWS\prefetch\WMIADAP.EXE-32F99497.pf moved successfully.
    C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf moved successfully.
    C:\WINDOWS\prefetch\WORDPAD.EXE-30063FA0.pf moved successfully.
    C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf moved successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 456 bytes

    User: ADMINISTRATOR.EKSTROM
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56502 bytes

    User: Jmiller
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jmiller.EKSTROM
    ->Temp folder emptied: 752339 bytes
    ->Temporary Internet Files folder emptied: 98440314 bytes
    ->Java cache emptied: 4120292 bytes
    ->FireFox cache emptied: 92871831 bytes
    ->Flash cache emptied: 261541 bytes

    User: JMILLE~1

    User: JMILLE~1~EKS

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 3045 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 555520 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 511 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 12565501 bytes

    Total Files Cleaned = 200.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: ADMINISTRATOR.EKSTROM

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jmiller

    User: Jmiller.EKSTROM
    ->Flash cache emptied: 0 bytes

    User: JMILLE~1

    User: JMILLE~1~EKS

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.22.3 log created on 03252011_071811

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    MBAM

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Database version: 6165

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/25/2011 7:42:44 AM
    mbam-log-2011-03-25 (07-42-44).txt

    Scan type: Quick scan
    Objects scanned: 191574
    Time elapsed: 6 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ESET

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=025fdecf38ca954a9fb37d0ae6a5cd9d
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-03-25 02:11:04
    # local_time=2011-03-25 10:11:04 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 27717363 27717363 0 0
    # scanned=89464
    # found=4
    # cleaned=4
    # scan_time=7000
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP191\A0073587.rbf a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP191\A0073592.rbf a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP191\A0073593.rbf a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP191\A0073594.rbf probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    Thanks again!
