
Several Stopzilla, Nexplore, etc. Popups

I've recently been getting several popups with adverts from Stopzilla, Nexplore, and other similar 'services'. I use Firefox, but the title in the browser windows that come up says that the ads are coming from IE. I looked on TskMngr however, and the popups are indeed from Firefox.

I googled around looking for people with similar problems, and I noticed that Google kept redirecting me to stupid advertisements that were completely unrelated to my search. This also coincides with the experiences of the people on this forum having popup problems. I, like them, believe I have a malware issue here.

I've also noticed recently that Firefox keeps spamming me with messages saying 'A script on this page has been stopped due to a low memory condition,' accompanied by an obnoxious failure to load images on web pages and the vanishing of all my Firefox toolbar icons. I believe this is related to the popup issue.

I am running Windows XP SP3. Here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:54 PM, on 8/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VolumeTouch\VolumeTouch.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://en-us.add-ons.mozilla.com/en-US/thunderbird/2.0.0.17/themes/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {400ccfef-7e5c-4153-b52c-6e798b6c2132} - C:\WINDOWS\system32\gemotusa.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\PPCToolbar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\PPCToolbar.dll (file missing)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O3 - Toolbar: FBmini Toolbar powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [VolumeTouch] "C:\Program Files\VolumeTouch\VolumeTouch.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DSS] SOFTWARE\Broderbund Software\DSS\AppList\FDE3844AE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [balewipobe] Rundll32.exe "C:\WINDOWS\system32\wotifesu.dll",s
O4 - HKLM\..\Run: [CPM9b87d9c8] Rundll32.exe "C:\WINDOWS\system32\jetuvuna.dll",a
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [FreeNote] C:\Documents and Settings\All Users\Documents\Shared Programs\Digital Sticky Notes.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4220086879-2554244072-952658825-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Amy Sadler')
O4 - HKUS\S-1-5-21-4220086879-2554244072-952658825-1006\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 (User 'Amy Sadler')
O4 - HKUS\S-1-5-21-4220086879-2554244072-952658825-1006\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\NetWaiting.exe (User 'Amy Sadler')
O4 - HKUS\S-1-5-21-4220086879-2554244072-952658825-1006\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Amy Sadler')
O4 - HKUS\S-1-5-21-4220086879-2554244072-952658825-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Amy Sadler')
O4 - HKUS\S-1-5-21-4220086879-2554244072-952658825-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Ted Sadler')
O4 - S-1-5-21-4220086879-2554244072-952658825-1006 Startup: PowerReg Scheduler.exe (User 'Amy Sadler')
O4 - S-1-5-21-4220086879-2554244072-952658825-1006 User Startup: PowerReg Scheduler.exe (User 'Amy Sadler')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00C7C2A0-8B82-11D1-8B57-00A0C98CD92B} (ActiveReports Viewer) - https://www.ucctops.com/UCC/ARVIEWER.CAB
O16 - DPF: {0914A6AD-B2B2-489D-9F8A-65AC0892C16F} (prjOutLoadActiveX.OutLoadOrderPick) - https://www.ucctops.com/UCC/OUTLOADACTIVEX.CAB
O16 - DPF: {110684D6-FD55-11D4-B95D-0008C7BBC99A} (UCCCenterEmp.CenterEmployee) - https://www.ucctops.com/UCC/UCCCENTEREMP.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {198D7217-D4DE-4F1C-9653-67FA935BBF2E} (UCCMemberComment.MemberComment) - https://www.ucctops.com/UCC/UCCMEMBERCOMMENT.CAB
O16 - DPF: {37EDD7F1-F9D2-11D3-B92F-0008C7B328E7} (UCCVendorComment.VendorComment) - https://www.ucctops.com/UCC/UCCVENDORCOMMENT.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {3AB35C72-FBC9-11D4-B95A-0008C7BBC99A} (UCCVendor_Center.Vendor_Center) - https://www.ucctops.com/UCC/UCCVENDOR_CENTER.CAB
O16 - DPF: {3E868D8B-D560-11D3-B8E1-0008C7B328E7} (UCCVendorContact.VendorContact) - https://www.ucctops.com/UCC/UCCVENDORCONTACT.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {508CF561-90FD-11D3-B86B-0008C7B328E7} (UCCOrderedItems.OrderedItems) - https://www.ucctops.com/UCC/UCCORDEREDITEMS.CAB
O16 - DPF: {5F7EF593-FD4C-11D4-B95D-0008C7BBC99A} (UCCVendorEmp.VendorEmployee) - https://www.ucctops.com/UCC/UCCVENDOREMP.CAB
O16 - DPF: {6DCE5A95-534F-4589-8F34-B80BD8F86A23} (UCCFeesCenter.UCCFeesCtlCenter) - https://www.ucctops.com/UCC/UCCFEESCENTER.CAB
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3913.cab
O16 - DPF: {719D6B64-25D8-11D4-B85E-0008C7BBC99A} (UCCOrderPayment.OrderPayment) - https://www.ucctops.com/ucc/OrderPayment.CAB
O16 - DPF: {7F3AADF6-83B7-4993-92D3-5AF9AE33F0F0} (UCCDate.Date) - https://www.ucctops.com/cabs/UCCDate.CAB
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.ucctops.com/UCC/ARVIEW2.CAB
O16 - DPF: {890D538D-BB75-11D4-B90A-0008C7BBC99A} (UCCCenterCenter.CenterVendor) - https://www.ucctops.com/UCC/UCCCENTERVENDOR.CAB
O16 - DPF: {92AA2752-FD2D-11D4-B95D-0008C7BBC99A} (UCCEmpCenter.EmployeeCenter) - https://www.ucctops.com/UCC/EMPLOYEECENTER.CAB
O16 - DPF: {9B330208-A8FD-48CE-B10F-C69F68629DAF} (SecurityActiveX.SecurityControl) - https://www.ucctops.com/ucc/SecurityActiveX.CAB
O16 - DPF: {9C2142D6-65DE-11D3-B809-0008C7B328E7} (prjLVendorFacility.LVendorFacility) - https://www.ucctops.com/UCC/UCCLVENDORFACILITY.CAB
O16 - DPF: {9DD2D2FB-8E09-4EB5-985C-3E2CAFF81BE8} (UCCVendorFacility.VendorFacility) - https://www.ucctops.com/UCC/UCCVENDORFACILITY.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {ABB987D4-3BB1-11D4-A72C-0050BAB0F843} (prjRouteLocation.RouteLocation) - https://www.ucctops.com/UCC/ROUTELOCATION.CAB
O16 - DPF: {AC253AD4-C8EA-425F-820A-12993CDBC5BB} (UCCVendorPayTo.VendorPayTo) - https://www.ucctops.com/UCC/UCCVENDORPAYTO.CAB
O16 - DPF: {AECA0013-460B-4BD4-B6ED-5BCD714E8678} (UCCEFTMerch.ctlEFTMerch) - https://www.ucctops.com/UCC/PRJUCCEFTMERCH.CAB
O16 - DPF: {B1BFC425-32F8-11D4-AD62-0050BAB0F843} (prjOrderToLoad.OrderToLoad) - https://www.ucctops.com/UCC/ORDERTOLOAD.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD2368C8-0429-11D5-8E96-00C04F580C6F} (UCCDateControl.DateControl) - https://www.ucctops.com/UCC/UCCDATECONTROL.CAB
O16 - DPF: {D17D5567-5202-45C5-A7E2-CECA48101268} (UccSupplierList.SupplierList) - https://www.ucctops.com/UCC/UCCSUPPLIERLIST.CAB
O16 - DPF: {D2BA89C9-E60A-497F-8CBF-DDCC05B6125F} (UCCOrderedItems.OrderedItems) - http://www.ucctops.com/ucc/UCCOrderedItems.CAB
O16 - DPF: {DB944E32-A10B-4D97-AA5E-B7451C157B0A} (UCCDiscussionsXML.UCCPODiscussionsXML) - https://www.ucctops.com/ucc/UCC_PODiscussionsXML.cab
O16 - DPF: {DED417FF-FD42-11D4-B95D-0008C7BBC99A} (UCCEmpVendor.EmployeeVendor) - https://www.ucctops.com/UCC/EMPLOYEEVENDOR.CAB
O16 - DPF: {DF2CD7C9-D585-4E39-8A60-A7CC72801B7D} (uccAPI.clsRegistry) - https://www.ucctops.com/UCC/uccAPI.CAB
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3913.cab
O16 - DPF: {EEB96741-4027-4B6A-98FE-6FE6DCE89F87} (UCCEFTMemb.EFTMemb) - https://www.ucctops.com/UCC/UCCEFTMEMB.CAB
O16 - DPF: {F6A7C954-3CD2-4B78-A56F-4C488E363035} (UCCMemberPayment.MemberPayment) - https://www.ucctops.com/ucc/UCCMemberPayment.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\vusimevi.dll c:\windows\system32\jetuvuna.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jetuvuna.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jetuvuna.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 18126 bytes
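As an added triage example (not part of HijackThis and not code from anyone in this thread), here is a small Python script that parses HJT entries and flags the patterns a helper would look at in the log above: DLLs referenced from AppInit_DLLs (O20), SSODL (O21) and SharedTaskScheduler (O22), Run entries that load a system32 DLL through Rundll32 (O4), and unnamed BHOs backed by a file (O2). The sample lines are copied from the posted log; the name-pattern heuristic and the per-section rules are assumptions chosen to fit this log, not signatures.

```python
"""Triage helper for a HijackThis (HJT) v2 log.

Added example: parses the R/O-style lines of an HJT log and applies a few
heuristics that flag the Vundo-style entries seen in the log above.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {400ccfef-7e5c-4153-b52c-6e798b6c2132} - C:\WINDOWS\system32\gemotusa.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [balewipobe] Rundll32.exe "C:\WINDOWS\system32\wotifesu.dll",s
O4 - HKLM\..\Run: [CPM9b87d9c8] Rundll32.exe "C:\WINDOWS\system32\jetuvuna.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\vusimevi.dll c:\windows\system32\jetuvuna.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jetuvuna.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jetuvuna.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O4 - <body>" / "R1 - <body>" entry lines.
ENTRY_RE = re.compile(r"^(?P<sect>[RO]\d+) - (?P<body>.*)$")
# Any DLL path under the Windows system32 directory (case-insensitive).
SYS32_DLL_RE = re.compile(r"[A-Za-z]:\\windows\\system32\\([a-z0-9_]+)\.dll", re.I)
# Assumption: the dropped DLLs in this log all have 8-letter consonant-vowel
# names (jetuvuna, wotifesu, ...). A plain heuristic, not a signature.
RANDOM_NAME_RE = re.compile(r"^([bcdfghjklmnpqrstvwxyz][aeiou]){4}$")
# Run entry that hands a system32 DLL to rundll32.
RUNDLL_SYS32_RE = re.compile(r'rundll32(\.exe)?\s+"?[a-z]:\\windows\\system32\\', re.I)


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def system32_dlls(body):
    """Return the base names of all system32 DLLs referenced on a line."""
    return [m.group(1) for m in SYS32_DLL_RE.finditer(body)]


def assess(section, body):
    """Apply per-section heuristics; return the list of reasons (may be empty)."""
    reasons = []
    dlls = system32_dlls(body)
    random_dlls = [d for d in dlls if RANDOM_NAME_RE.match(d.lower())]
    if random_dlls:
        reasons.append("random-looking system32 DLL name: " + ", ".join(random_dlls))
    if section == "O2" and body.startswith("BHO: (no name)") and "(no file)" not in body:
        reasons.append("unnamed BHO backed by a file on disk")
    if section == "O4" and RUNDLL_SYS32_RE.search(body):
        reasons.append("Run entry loads a system32 DLL via rundll32")
    if section == "O20" and body.startswith("AppInit_DLLs:") and dlls:
        reasons.append("AppInit_DLLs injects the DLL into every user32 process")
    if section in ("O21", "O22") and dlls:
        reasons.append(f"{section} entry loads a DLL when Explorer starts")
    return reasons


def triage(log_text):
    """Parse an HJT log and return the entries that tripped at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        reasons = assess(m.group("sect"), m.group("body"))
        if reasons:
            findings.append(Finding(m.group("sect"), raw.strip(), reasons))
    return findings


def suspicious_dlls(findings):
    """Lower-cased system32 DLL names shared across flagged entries (a pivot set)."""
    names = set()
    for f in findings:
        names.update(d.lower() for d in system32_dlls(f.line))
    return names


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f.section, "|", f.line)
        for r in f.reasons:
            print("    -", r)
    print("DLLs to investigate:", sorted(suspicious_dlls(found)))
```

Note that the legitimate AVG entry (avgrsstx.dll under Winlogon Notify) is not flagged, while the same DLL name turning up under O4, O20, O21 and O22 is the cross-section pattern that makes the Vundo entries stand out.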

Comments

  • edited August 2009
    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly.

    Some of the logs I request will be quite large; you may need to split them over a couple of replies.

    Please note: your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If requested, please reboot
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
      ( They can also be found in the C:\RSIT folder )



    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

    Please post the results from the GMER scan in your reply.
  • edited August 2009
    Alright, thank you. I was out of town yesterday and didn't have a chance to do anything yet, but I just downloaded Malwarebytes' Anti-Malware program and it's scanning right now. It will continue to scan while I'm at work, and then I will post the log results for that and download the other programs when I get home.

    I hope I didn't mess anything up by posting this... your post indicates that the "DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !" instructions apply to the GMER scan and not the Malwarebytes one.

    Thank you,
    Theon
  • edited August 2009
    Theon804 wrote:
    your post indicates that the ~instructions apply to the GMER scan and not the MalwareBytes..

    Correct :)
  • edited August 2009
    Ugh... I was gone all day yesterday, right? (Didn't get home till late.) Well, my Dad was home before me, and failed to see the note I left him about not touching the computer until I had a chance to get the Malwarebytes log. He completely closed me out of what I was doing, although he said that he "saw the scan results and healed the infections it said we had, then rebooted the PC because it told him to."

    I got on this morning and got more popups, so the problem is still there.

    What do I do now? =[
  • edited August 2009
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    Please post the Malwarebytes log and then follow the other instructions.
  • edited August 2009
    Malwarebytes' Anti-Malware 1.40
    Database version: 2557
    Windows 5.1.2600 Service Pack 3

    8/4/2009 8:05:13 PM
    mbam-log-2009-08-04 (20-05-13).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 293405
    Time elapsed: 2 hour(s), 8 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 9
    Registry Values Infected: 5
    Registry Data Items Infected: 3
    Folders Infected: 3
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\SYSTEM32\nefuwipi.dll (Trojan.Vundo.H) -> Delete on reboot.
    c:\WINDOWS\SYSTEM32\zozefebe.dll (Trojan.Vundo) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{400ccfef-7e5c-4153-b52c-6e798b6c2132} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{400ccfef-7e5c-4153-b52c-6e798b6c2132} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\balewipobe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm9b87d9c8 (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\nefuwipi.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\nefuwipi.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\SYSTEM32\nefuwipi.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\lupojatu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\zozefebe.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\tilufewa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  • edited August 2009
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Ted TM Sadler at 2009-08-05 18:51:22
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 105 GB (71%) free of 149 GB
    Total RAM: 510 MB (22% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:52:16 PM, on 8/5/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\VolumeTouch\VolumeTouch.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Documents and Settings\All Users\Documents\Shared Programs\Digital Sticky Notes.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ted TM Sadler\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Ted TM Sadler.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://en-us.add-ons.mozilla.com/en-US/thunderbird/2.0.0.17/themes/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {400ccfef-7e5c-4153-b52c-6e798b6c2132} - C:\WINDOWS\system32\venulowi.dll (file missing)
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
    O2 - BHO: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\PPCToolbar.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\PPCToolbar.dll (file missing)
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O3 - Toolbar: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
    O3 - Toolbar: FBmini Toolbar powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [VolumeTouch] "C:\Program Files\VolumeTouch\VolumeTouch.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DSS] SOFTWARE\Broderbund Software\DSS\AppList\FDE3844AE
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [balewipobe] Rundll32.exe "C:\WINDOWS\system32\falukapo.dll",s
    O4 - HKLM\..\Run: [CPM9b87d9c8] Rundll32.exe "c:\windows\system32\nisimose.dll",a
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [FreeNote] C:\Documents and Settings\All Users\Documents\Shared Programs\Digital Sticky Notes.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
    O4 - HKUS\S-1-5-19\..\Run: [balewipobe] Rundll32.exe "C:\WINDOWS\system32\falukapo.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [balewipobe] Rundll32.exe "C:\WINDOWS\system32\falukapo.dll",s (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-4220086879-2554244072-952658825-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Ted Sadler')
    O4 - HKUS\S-1-5-21-4220086879-2554244072-952658825-1007\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\NetWaiting.exe (User 'Ted Sadler')
    O4 - HKUS\S-1-5-21-4220086879-2554244072-952658825-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Ted Sadler')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00C7C2A0-8B82-11D1-8B57-00A0C98CD92B} (ActiveReports Viewer) - https://www.ucctops.com/UCC/ARVIEWER.CAB
    O16 - DPF: {0914A6AD-B2B2-489D-9F8A-65AC0892C16F} (prjOutLoadActiveX.OutLoadOrderPick) - https://www.ucctops.com/UCC/OUTLOADACTIVEX.CAB
    O16 - DPF: {110684D6-FD55-11D4-B95D-0008C7BBC99A} (UCCCenterEmp.CenterEmployee) - https://www.ucctops.com/UCC/UCCCENTEREMP.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {198D7217-D4DE-4F1C-9653-67FA935BBF2E} (UCCMemberComment.MemberComment) - https://www.ucctops.com/UCC/UCCMEMBERCOMMENT.CAB
    O16 - DPF: {37EDD7F1-F9D2-11D3-B92F-0008C7B328E7} (UCCVendorComment.VendorComment) - https://www.ucctops.com/UCC/UCCVENDORCOMMENT.CAB
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {3AB35C72-FBC9-11D4-B95A-0008C7BBC99A} (UCCVendor_Center.Vendor_Center) - https://www.ucctops.com/UCC/UCCVENDOR_CENTER.CAB
    O16 - DPF: {3E868D8B-D560-11D3-B8E1-0008C7B328E7} (UCCVendorContact.VendorContact) - https://www.ucctops.com/UCC/UCCVENDORCONTACT.CAB
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {508CF561-90FD-11D3-B86B-0008C7B328E7} (UCCOrderedItems.OrderedItems) - https://www.ucctops.com/UCC/UCCORDEREDITEMS.CAB
    O16 - DPF: {5F7EF593-FD4C-11D4-B95D-0008C7BBC99A} (UCCVendorEmp.VendorEmployee) - https://www.ucctops.com/UCC/UCCVENDOREMP.CAB
    O16 - DPF: {6DCE5A95-534F-4589-8F34-B80BD8F86A23} (UCCFeesCenter.UCCFeesCtlCenter) - https://www.ucctops.com/UCC/UCCFEESCENTER.CAB
    O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3913.cab
    O16 - DPF: {719D6B64-25D8-11D4-B85E-0008C7BBC99A} (UCCOrderPayment.OrderPayment) - https://www.ucctops.com/ucc/OrderPayment.CAB
    O16 - DPF: {7F3AADF6-83B7-4993-92D3-5AF9AE33F0F0} (UCCDate.Date) - https://www.ucctops.com/cabs/UCCDate.CAB
    O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.ucctops.com/UCC/ARVIEW2.CAB
    O16 - DPF: {890D538D-BB75-11D4-B90A-0008C7BBC99A} (UCCCenterCenter.CenterVendor) - https://www.ucctops.com/UCC/UCCCENTERVENDOR.CAB
    O16 - DPF: {92AA2752-FD2D-11D4-B95D-0008C7BBC99A} (UCCEmpCenter.EmployeeCenter) - https://www.ucctops.com/UCC/EMPLOYEECENTER.CAB
    O16 - DPF: {9B330208-A8FD-48CE-B10F-C69F68629DAF} (SecurityActiveX.SecurityControl) - https://www.ucctops.com/ucc/SecurityActiveX.CAB
    O16 - DPF: {9C2142D6-65DE-11D3-B809-0008C7B328E7} (prjLVendorFacility.LVendorFacility) - https://www.ucctops.com/UCC/UCCLVENDORFACILITY.CAB
    O16 - DPF: {9DD2D2FB-8E09-4EB5-985C-3E2CAFF81BE8} (UCCVendorFacility.VendorFacility) - https://www.ucctops.com/UCC/UCCVENDORFACILITY.CAB
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {ABB987D4-3BB1-11D4-A72C-0050BAB0F843} (prjRouteLocation.RouteLocation) - https://www.ucctops.com/UCC/ROUTELOCATION.CAB
    O16 - DPF: {AC253AD4-C8EA-425F-820A-12993CDBC5BB} (UCCVendorPayTo.VendorPayTo) - https://www.ucctops.com/UCC/UCCVENDORPAYTO.CAB
    O16 - DPF: {AECA0013-460B-4BD4-B6ED-5BCD714E8678} (UCCEFTMerch.ctlEFTMerch) - https://www.ucctops.com/UCC/PRJUCCEFTMERCH.CAB
    O16 - DPF: {B1BFC425-32F8-11D4-AD62-0050BAB0F843} (prjOrderToLoad.OrderToLoad) - https://www.ucctops.com/UCC/ORDERTOLOAD.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD2368C8-0429-11D5-8E96-00C04F580C6F} (UCCDateControl.DateControl) - https://www.ucctops.com/UCC/UCCDATECONTROL.CAB
    O16 - DPF: {D17D5567-5202-45C5-A7E2-CECA48101268} (UccSupplierList.SupplierList) - https://www.ucctops.com/UCC/UCCSUPPLIERLIST.CAB
    O16 - DPF: {D2BA89C9-E60A-497F-8CBF-DDCC05B6125F} (UCCOrderedItems.OrderedItems) - http://www.ucctops.com/ucc/UCCOrderedItems.CAB
    O16 - DPF: {DB944E32-A10B-4D97-AA5E-B7451C157B0A} (UCCDiscussionsXML.UCCPODiscussionsXML) - https://www.ucctops.com/ucc/UCC_PODiscussionsXML.cab
    O16 - DPF: {DED417FF-FD42-11D4-B95D-0008C7BBC99A} (UCCEmpVendor.EmployeeVendor) - https://www.ucctops.com/UCC/EMPLOYEEVENDOR.CAB
    O16 - DPF: {DF2CD7C9-D585-4E39-8A60-A7CC72801B7D} (uccAPI.clsRegistry) - https://www.ucctops.com/UCC/uccAPI.CAB
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3913.cab
    O16 - DPF: {EEB96741-4027-4B6A-98FE-6FE6DCE89F87} (UCCEFTMemb.EFTMemb) - https://www.ucctops.com/UCC/UCCEFTMEMB.CAB
    O16 - DPF: {F6A7C954-3CD2-4B78-A56F-4C488E363035} (UCCMemberPayment.MemberPayment) - https://www.ucctops.com/ucc/UCCMemberPayment.CAB
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\kusoyaji.dll C:\WINDOWS\system32\regizogu.dll c:\windows\system32\nisimose.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nisimose.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nisimose.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 17595 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\EasyShare Registration Task.job
    C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-18 1111320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{400ccfef-7e5c-4153-b52c-6e798b6c2132}]
    C:\WINDOWS\system32\venulowi.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}]
    C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-95BA-ED6DB186BE32}]
    GoodSearch Toolbar - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL [2007-05-15 1806336]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
    AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
    PeoplePal Toolbar - c:\program files\peoplepc\toolbar\PPCToolbar.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-24 761840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-24 458736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    FBmini Toolbar powered by Ask.com - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-13 1168264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {A8FB8EB3-183B-4598-924D-86F0E5E37085} - PeoplePal Toolbar - c:\program files\peoplepc\toolbar\PPCToolbar.dll []
    {DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]
    {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - GoodSearch Toolbar - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL [2007-05-15 1806336]
    {D4027C7F-154A-4066-A1AD-4243D8127440} - FBmini Toolbar powered by Ask.com - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-13 1168264]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "DLBTCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16 []
    "VolumeTouch"=C:\Program Files\VolumeTouch\VolumeTouch.exe [2005-07-22 184320]
    "UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe [2005-06-03 36975]
    "mmtask"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2006-01-17 53248]
    "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-10-12 57344]
    "DSS"=SOFTWARE\Broderbund Software\DSS\AppList\FDE3844AE []
    "dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
    "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
    "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
    "Dell Photo AIO Printer 922"=C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [2004-11-10 290816]
    "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-05 1948440]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
    "balewipobe"=C:\WINDOWS\system32\falukapo.dll,s []
    "CPM9b87d9c8"=c:\windows\system32\nisimose.dll [2009-08-05 84992]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
    "FreeNote"=C:\Documents and Settings\All Users\Documents\Shared Programs\Digital Sticky Notes.exe [2004-02-27 94208]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-08 68856]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "Aim6"= []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe [2008-03-24 218496]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]
    C:\Program Files\PeoplePC\ISP6200\BIN\PPCOLink.exe [2005-07-25 20480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    C:\Program Files\AWS\WeatherBug\Weather.exe 1 []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
    C:\PROGRA~1\Quicken\billmind.exe [2002-07-30 36864]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
    C:\PROGRA~1\palmOne\Hotsync.exe [2004-06-09 471040]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
    C:\PROGRA~1\MICROS~4\Office\OSA.EXE [1997-08-19 51984]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe
    Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\WINDOWS\system32\kusoyaji.dll C:\WINDOWS\system32\regizogu.dll c:\windows\system32\nisimose.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-07-05 11952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nisimose.dll [2009-08-05 84992]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nisimose.dll [2009-08-05 84992]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    C:\WINDOWS\system32\kusoyaji.dll
    C:\WINDOWS\system32\regizogu.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
    "C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
    "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe"="C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
    "C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe"="C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe:*:Enabled:CoDMP"
    "C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\Program Files\BZFLAG\bzflag.exe"="C:\Program Files\BZFLAG\bzflag.exe:*:Enabled:bzflag"
    "C:\Program Files\BZFlag2.0.10rc3\bzflag.exe"="C:\Program Files\BZFlag2.0.10rc3\bzflag.exe:*:Enabled:bzflag"
    "C:\Program Files\BZFLAG\bzfs.exe"="C:\Program Files\BZFLAG\bzfs.exe:*:Enabled:bzfs"
    "C:\Program Files\BZFlag2.0.10rc3\bzfs.exe"="C:\Program Files\BZFlag2.0.10rc3\bzfs.exe:*:Enabled:bzfs"
    "C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
    "C:\Sierra\Homeworld\homeworld.exe"="C:\Sierra\Homeworld\homeworld.exe:*:Enabled:homeworld"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
    "C:\Sierra\Cataclysm\cataclysm.exe"="C:\Sierra\Cataclysm\cataclysm.exe:*:Enabled:cataclysm"
    "C:\Documents and Settings\Ted TM Sadler\Local Settings\Temp\WZS4D2.tmp\Homeworld.exe"="C:\Documents and Settings\Ted TM Sadler\Local Settings\Temp\WZS4D2.tmp\Homeworld.exe:*:Enabled:Homeworld"
    "C:\Program Files\ABC\abc.exe"="C:\Program Files\ABC\abc.exe:*:Enabled:abc"
    "C:\Sierra\Homeworld\hw5.exe"="C:\Sierra\Homeworld\hw5.exe:*:Enabled:hw5"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\WINDOWS\SYSTEM32\RTCSHARE.EXE"="C:\WINDOWS\SYSTEM32\RTCSHARE.EXE:*:Enabled:RTC App Sharing"
    "C:\Program Files\NetMeeting\CONF.EXE"="C:\Program Files\NetMeeting\CONF.EXE:*:Enabled:Windows® NetMeeting®"
    "C:\Program Files\Wippien\Wippien.exe"="C:\Program Files\Wippien\Wippien.exe:*:Enabled:Wippien"
    "C:\Program Files\Sierra\Homeworld2\Bin\Release\Homeworld2.exe"="C:\Program Files\Sierra\Homeworld2\Bin\Release\Homeworld2.exe:*:Enabled:Homeworld2"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
    "C:\Documents and Settings\Ted TM Sadler\Application Data\GameRanger\GameRanger\GameRanger.exe"="C:\Documents and Settings\Ted TM Sadler\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Teamspeak2_RC2\server_windows.exe"="C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
    "C:\WINDOWS\SYSTEM32\dpvsetup.exe"="C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\WINDOWS\SYSTEM32\rundll32.exe"="C:\WINDOWS\SYSTEM32\rundll32.exe:*:Enabled:Run a DLL as an App"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
    "C:\WINDOWS\SYSTEM32\winlogon.exe"="C:\WINDOWS\SYSTEM32\winlogon.exe:*:Enabled:winlogon"
    "C:\WINDOWS\SYSTEM32\logonui.exe"="C:\WINDOWS\SYSTEM32\logonui.exe:*:Enabled:logonui"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    ======List of files/folders created in the last 1 months======

    2009-08-05 18:51:22 ----D---- C:\rsit
    2009-08-04 09:17:46 ----D---- C:\Documents and Settings\Ted TM Sadler\Application Data\Malwarebytes
    2009-08-04 09:17:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-08-04 09:17:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-08-02 16:23:23 ----D---- C:\Program Files\Trend Micro
    2009-07-21 21:41:31 ----D---- C:\Program Files\Windows Live Safety Center
    2009-07-20 10:21:39 ----D---- C:\Program Files\iPod
    2009-07-18 19:20:57 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2009-07-18 18:29:44 ----D---- C:\Program Files\Messenger Plus! Live
    2009-07-16 08:28:36 ----D---- C:\Program Files\mIRC
    2009-07-16 08:28:36 ----D---- C:\Documents and Settings\Ted TM Sadler\Application Data\mIRC
    2009-07-15 23:28:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-07-15 23:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-07-15 23:23:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
    2009-07-15 18:28:06 ----D---- C:\Documents and Settings\Ted TM Sadler\Application Data\AskToolbar
    2009-07-15 18:06:17 ----D---- C:\Program Files\Ask.com
    2009-07-12 21:15:53 ----D---- C:\Documents and Settings\Ted TM Sadler\Application Data\Nikon
    2009-07-08 22:34:31 ----D---- C:\WINDOWS\ie8updates
    2009-07-08 21:10:16 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-07-08 17:30:43 ----D---- C:\Documents and Settings\Ted TM Sadler\Application Data\GameRanger
    2009-07-08 15:59:11 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-07-08 08:11:26 ----HDC---- C:\WINDOWS\ie8

    ======List of files/folders modified in the last 1 months======

    2009-08-05 18:51:21 ----D---- C:\WINDOWS\Prefetch
    2009-08-05 18:49:08 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-05 09:46:47 ----A---- C:\Documents and Settings\Ted TM Sadler\Application Data\freenote.ini
    2009-08-05 09:44:28 ----D---- C:\Program Files\e-Sword
    2009-08-05 09:22:01 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
    2009-08-05 09:21:08 ----D---- C:\WINDOWS
    2009-08-05 09:20:59 ----D---- C:\WINDOWS\Temp
    2009-08-05 09:12:29 ----ASH---- C:\WINDOWS\system32\nozegako.dll
    2009-08-05 09:12:28 ----ASH---- C:\WINDOWS\system32\nisimose.dll
    2009-08-05 09:12:26 ----D---- C:\WINDOWS\SYSTEM32
    2009-08-04 21:12:17 ----ASH---- C:\WINDOWS\system32\jinuyeju.dll
    2009-08-04 21:12:16 ----ASH---- C:\WINDOWS\system32\vetahadu.dll
    2009-08-04 20:13:32 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-04 20:07:12 ----D---- C:\WINDOWS\system32\DRIVERS
    2009-08-04 20:06:43 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-04 20:05:13 ----RD---- C:\Program Files
    2009-08-04 09:12:46 ----ASH---- C:\WINDOWS\system32\pewodaju.dll
    2009-08-03 21:59:34 ----ASH---- C:\WINDOWS\system32\hewigaga.dll
    2009-08-03 21:59:04 ----ASH---- C:\WINDOWS\system32\kutipani.dll
    2009-08-03 21:59:04 ----ASH---- C:\WINDOWS\system32\daforumu.dll
    2009-08-03 09:55:17 ----ASH---- C:\WINDOWS\system32\tanetezo.dll
    2009-08-03 09:54:47 ----ASH---- C:\WINDOWS\system32\saduyome.dll
    2009-08-03 09:32:12 ----ASH---- C:\WINDOWS\system32\dasofupu.dll
    2009-08-03 09:32:09 ----ASH---- C:\WINDOWS\system32\gayujoje.dll
    2009-08-02 21:12:42 ----ASH---- C:\WINDOWS\system32\pimitufo.dll
    2009-08-02 21:12:14 ----ASH---- C:\WINDOWS\system32\buwelahi.dll
    2009-08-02 21:12:12 ----ASH---- C:\WINDOWS\system32\kepapuvo.dll
    2009-08-02 16:17:52 ----D---- C:\Program Files\Mozilla Thunderbird
    2009-08-02 09:11:45 ----ASH---- C:\WINDOWS\system32\jetuvuna.dll
    2009-08-02 08:46:21 ----D---- C:\Program Files\Dl_cats
    2009-08-02 08:46:21 ----A---- C:\WINDOWS\dellstat.ini
    2009-07-29 03:02:21 ----HD---- C:\WINDOWS\INF
    2009-07-29 03:02:12 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
    2009-07-29 03:02:10 ----D---- C:\Program Files\Internet Explorer
    2009-07-29 03:00:38 ----HD---- C:\WINDOWS\$hf_mig$
    2009-07-29 03:00:28 ----SHD---- C:\WINDOWS\Installer
    2009-07-29 03:00:28 ----SHD---- C:\Config.Msi
    2009-07-29 03:00:27 ----D---- C:\WINDOWS\WinSxS
    2009-07-25 16:40:36 ----HD---- C:\$AVG8.VAULT$
    2009-07-24 18:30:32 ----D---- C:\Program Files\Google
    2009-07-24 13:25:07 ----RASH---- C:\BOOT.INI
    2009-07-24 13:25:07 ----A---- C:\WINDOWS\WIN.INI
    2009-07-24 13:25:07 ----A---- C:\WINDOWS\SYSTEM.INI
    2009-07-24 12:59:39 ----D---- C:\WINDOWS\pss
    2009-07-23 22:43:09 ----A---- C:\WINDOWS\qwimp.ini
    2009-07-23 21:41:32 ----A---- C:\WINDOWS\QUICKEN.INI
    2009-07-23 20:14:08 ----D---- C:\Program Files\Quicken
    2009-07-23 09:47:04 ----D---- C:\WINDOWS\system32\CONFIG
    2009-07-20 10:22:04 ----D---- C:\Program Files\iTunes
    2009-07-20 10:20:21 ----D---- C:\Program Files\Common Files\Apple
    2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
    2009-07-19 09:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-18 18:25:41 ----D---- C:\Documents and Settings\Ted TM Sadler\Application Data\Apple Computer
    2009-07-16 14:05:55 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-07-15 23:28:31 ----A---- C:\WINDOWS\imsins.BAK
    2009-07-15 18:06:31 ----SD---- C:\WINDOWS\Tasks
    2009-07-09 12:35:05 ----D---- C:\Program Files\Teamspeak2_RC2
    2009-07-09 10:55:32 ----D---- C:\Program Files\NCH Swift Sound
    2009-07-09 10:55:32 ----D---- C:\Documents and Settings\Ted TM Sadler\Application Data\NCH Swift Sound
    2009-07-09 10:54:44 ----D---- C:\Program Files\Winamp
    2009-07-09 10:24:49 ----D---- C:\Program Files\QuickTime
    2009-07-09 08:18:31 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
    2009-07-09 08:12:51 ----D---- C:\Documents and Settings\Ted TM Sadler\Application Data\teamspeak2
    2009-07-08 21:11:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-07-08 17:31:50 ----D---- C:\Documents and Settings\Ted TM Sadler\Application Data\WeatherBug
    2009-07-08 15:59:56 ----D---- C:\Documents and Settings\Ted TM Sadler\Application Data\AdobeUM
    2009-07-08 15:55:32 ----D---- C:\Program Files\Adobe
    2009-07-08 14:30:51 ----D---- C:\Sierra
    2009-07-08 11:28:46 ----D---- C:\WINDOWS\Minidump
    2009-07-08 08:18:54 ----D---- C:\WINDOWS\system32\en-US
    2009-07-08 08:18:53 ----D---- C:\WINDOWS\Media
    2009-07-08 08:18:53 ----D---- C:\WINDOWS\Help

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-18 335752]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-05 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-23 108552]
    R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2002-09-04 34938]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
    R2 DCFS2K;DCFS2K; C:\WINDOWS\system32\drivers\dcfs2k.sys [2002-02-28 36885]
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
    R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2002-09-04 131509]
    S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2004-03-22 4272]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2002-02-28 61568]
    S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2002-02-28 8058]
    S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2002-02-28 55866]
    S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
    S3 gbalink;GBA Link Driver (gbalink.sys); C:\WINDOWS\System32\Drivers\gbalink.sys [2001-03-08 19677]
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-03-04 25280]
    S3 jnv4_mib;jnv4_mib; \??\C:\DOCUME~1\TEDTMS~1\LOCALS~1\Temp\jnv4_mib.sys []
    S3 LTower;LEGO USB Tower Driver; C:\WINDOWS\System32\Drivers\LTower.sys [2001-04-25 36981]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-10-10 16694]
    S3 qslwdmsu;qslwdmsu; \??\C:\DOCUME~1\TEDTMS~1\LOCALS~1\Temp\qslwdmsu.sys []
    S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2005-07-13 33890]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 TdcLps;TdcLps; \??\C:\DOCUME~1\TEDTMS~1\LOCALS~1\Temp\TdcLps.sys []
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 wip0204;Wippien Network Adapter 2.4; C:\WINDOWS\system32\DRIVERS\wip0204.sys [2008-05-21 23480]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-04 602112]
    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-18 907032]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-05 298776]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 Dcfssvc;Dcfssvc; C:\WINDOWS\system32\drivers\dcfssvc.exe [2002-02-28 188987]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\SYSTEM32\ati2sgag.exe [2009-02-03 593920]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2004-10-25 421888]
    S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-24 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]

    EOF
  • edited August 2009
    info.txt logfile of random's system information tool 1.06 2009-08-05 18:52:24

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
    America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
    AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
    AOL Connectivity Services-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
    AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
    Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x9
    ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}\setup.exe" -l0x9 -uninst
    ArcSoft VideoImpression 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEF2E5A3-0317-4822-B930-8B721EB483E4}\setup.exe" -l0x9 -uninst
    Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
    ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Barbie® Super Sports(TM)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Barbie\Barbie® Super Sports(TM)\Uninst.isu"
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    BZFlag 2.0.10rc3 (remove only)-->"C:\Program Files\BZFlag2.0.10rc3\uninstall.exe"
    BZFlag(remove only)-->"C:\Program Files\BZFlag1.10.6\uninstall.exe"
    bzflag-->C:\Program Files\BZFLAG\bzfuinst.exe C:\Program Files\BZFLAG
    Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
    Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
    Cursor Maker-->C:\WINDOWS\uninst.exe -f"C:\Cursor Maker\DeIsL1.isu" -c"C:\Cursor Maker\_ISREG32.DLL"
    Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
    Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
    Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
    Dell Photo AIO Printer 922-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUNST.EXE -NOLICENSE
    Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
    Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
    DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    Digital Voice Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B478ACE-8512-4A46-ACB2-69D83DF2F6C7}\setup.exe" -l0x9 -remove
    e-Sword-->MsiExec.exe /I{4FD27B25-4128-4CDA-A322-F1C8F0D8FEC9}
    Family Tree Maker 7.0-->C:\WINDOWS\IsUninst.exe -fC:\FTW\Uninst.isu
    Fisher-Price Petshop-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fisher-Price®\Petshop\DeIsL1.isu"
    Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
    GoodSearch Toolbar-->C:\Program Files\goodsearch\uninstall.exe
    Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Homeworld-->C:\Sierra\HOMEWO~1\UNINST~1\UNWISE.EXE C:\Sierra\HOMEWO~1\UNINST~1\INSTALL.LOG
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    iDump (Backing up your iPod)-->C:\Program Files\iDump\uninstall.exe
    Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
    Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
    Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
    iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
    J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
    Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
    Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
    Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
    Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
    Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
    Kodak EasyShare software-->MsiExec.exe /I{11DB853A-6966-4724-BEAD-793C48AC8C54}
    Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
    Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
    Macromedia Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Excel 97-->C:\Program Files\Microsoft Office\Office\Setup\AcmeXl.exe /w Excel97.stf
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
    Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Word 97-->C:\Program Files\Microsoft Office\Office\Setup\AcmeWord.exe /w Word97.stf
    Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
    Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanel
    Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (2.0.0.22)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    MS Access 97 SP2-->C:\Program Files\Microsoft Office\setup\setup.exe
    MSN Entertainment Download Troubleshooter-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnediag.inf,Uninstall
    MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
    Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
    My Way Search Assistant-->rundll32 C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll,O
    MyDSC2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
    NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
    Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
    Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
    Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
    palmOne-->MsiExec.exe /X{FF8157AA-F640-45BD-B7C2-BAA1016B267A}
    PeoplePC Online-->C:\WINDOWS\system32\PPCOUNIN.EXE
    PeoplePC: PeoplePal Toolbar 6.2-->C:\WINDOWS\system32\ppaluninst.exe
    Pepakura Designer2-->"C:\Program Files\tamasoftware\epuninst.exe" /s
    Photo Click-->MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
    PowerDVD 5.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
    QuickBooks 2000-->C:\WINDOWS\IsUninst.exe -ff:\QuickBooks\DeIsL1.isu -cf:\QuickBooks\removeqb.dll
    QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
    Quicken 2003 Deluxe-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D974D26-BA8F-4A0B-B7EE-3F563AF79746} anything
    QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    TeamSpeak 2 Server RC2-->"C:\Program Files\Teamspeak2_RC2\unins001.exe"
    TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    VolumeTouch-->"C:\Program Files\VolumeTouch\unins000.exe"
    WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
    WeatherBug-->C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
    WinBigw-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\WinBigw\ST6UNST.LOG"
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
    Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
    Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
    Windows Resource Kit Tools - SubInAcl.exe-->MsiExec.exe /X{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRar\uninstall.exe
    WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
    World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}

    ======Hosts File======

    127.0.0.1 ie3.proxy.aol.com

    ======Security center information======

    AV: AVG Anti-Virus Free

    ======System event log======

    Computer Name: SADLERHOME
    Event Code: 29
    Message: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible.
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.

    Record Number: 1239
    Source Name: W32Time
    Time Written: 20090522190723.000000-240
    Event Type: error
    User:

    Computer Name: SADLERHOME
    Event Code: 17
    Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
    configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
    minutes.
    The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    Record Number: 1238
    Source Name: W32Time
    Time Written: 20090522190723.000000-240
    Event Type: error
    User:

    Computer Name: SADLERHOME
    Event Code: 29
    Message: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible.
    No attempt to contact a source will be made for 14 minutes.
    NtpClient has no source of accurate time.

    Record Number: 1237
    Source Name: W32Time
    Time Written: 20090522190723.000000-240
    Event Type: error
    User:

    Computer Name: SADLERHOME
    Event Code: 17
    Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
    configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
    minutes.
    The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    Record Number: 1236
    Source Name: W32Time
    Time Written: 20090522190723.000000-240
    Event Type: error
    User:

    Computer Name: SADLERHOME
    Event Code: 10010
    Message: The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

    Record Number: 1213
    Source Name: DCOM
    Time Written: 20090521172653.000000-240
    Event Type: error
    User: SADLERHOME\Ted TM Sadler

    =====Application event log=====

    Computer Name: SADLERHOME
    Event Code: 12001
    Message:
    Record Number: 3058
    Source Name: usnjsvc
    Time Written: 20081123124145.000000-300
    Event Type:
    User:

    Computer Name: SADLERHOME
    Event Code: 1000
    Message: Faulting application dsagnt.exe, version 3.0.0.197, faulting module unknown, version 0.0.0.0, fault address 0x03d4108e.

    Record Number: 3041
    Source Name: Application Error
    Time Written: 20081122170258.000000-300
    Event Type: error
    User:

    Computer Name: SADLERHOME
    Event Code: 1002
    Message: Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 3026
    Source Name: Application Hang
    Time Written: 20081121164953.000000-300
    Event Type: error
    User:

    Computer Name: SADLERHOME
    Event Code: 1002
    Message: Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 3025
    Source Name: Application Hang
    Time Written: 20081121164952.000000-300
    Event Type: error
    User:

    Computer Name: SADLERHOME
    Event Code: 12001
    Message:
    Record Number: 3018
    Source Name: usnjsvc
    Time Written: 20081120212400.000000-300
    Event Type:
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
    "PROCESSOR_REVISION"=0401
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip

    EOF
  • edited August 2009
    Do you have the GMER log ?
  • edited August 2009
    That's the problem I just ran into.

    Last night I tried to run GMER, but it ran into an error and had to close. So I closed it out and ran it again, and it went fine. The only times I touched the PC were to move the mouse slightly to make the screen saver go away. Everything ran smoothly and I let it complete the scan overnight.

    I got up this morning and everything looked fine. GMER gave me a message saying "WARNING !!! GMER has found system modification caused by ROOTKIT activity." So I clicked OK. The scan was complete, and I clicked 'Save', like you asked. Then GMER froze. Completely. I noticed shortly afterward that my mouse wasn't working. The optical laser on its bottom wasn't even lighting up. So I rebooted my computer.

    When the computer rebooted, it flashed an error message about some file needing to be saved elsewhere, then went to a blue screen. The blue screen said that driver rdbss.sys attempted to unload without following protocol or something, and Windows needed to be shut down. So I shut it down, left it for a few moments, then restarted it.

    When Windows rebooted, it came to a screen I don't recall seeing often, if ever. It said that it was "Checking file system on C:", commented that my hard disk was labeled "Alpha", and that the volume was "dirty". It then proceeded to tell me that CHKDSK was verifying files, indexes, and one other thing I didn't catch. It also said that it had recovered "orphaned file Oc5DC1~1.TMP (117090) into directory file 108055". Then it scrolled a bunch of text and jumped to my DELL screen that normally loads when I boot up.

    It took me to the Windows XP Account list like it normally does, although I noticed that my mouse was still not working. So I switched to a different USB drive, and got it to respond again. I then logged back into my Windows XP account, and everything seemed normal. That's when I opened Firefox and got on here to tell you all this.

    I should run GMER again, right?
  • edited August 2009
    Try this scan instead

    SysProt Antirootkit

    Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

    http://sites.google.com/site/sysprotantirootkit/

    Unzip it into a folder on your desktop.
    • Double click Sysprot.exe to start the program.
    • Click on the Log tab.
    • In the Write to log box select all items.
    • Click on the Create Log button on the bottom right.
    • After a few seconds a new window should appear.
    • Select Scan Root Drive. Click on the Start button.
    • When it is complete a new window will appear to indicate that the scan is finished.
    • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
  • edited August 2009
    Rofl, when I asked if I should start GMER again, I DID start it, and I have the log right here.

    But the stupid thing made my PC bug out again. I managed to save the log this time, though.

    GMER 1.0.15.15011 [gmer.exe] - http://www.gmer.net
    Rootkit scan 2009-08-06 16:18:46
    Windows 5.1.2600 Service Pack 3


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}@ {c3278e90-bea7-11cd-b579-08002b30bfeb}
    Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ c:\progra~1\mcafee.com\vso\mcvsscrp.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ScriptStopper_InProcServer32 C:\WINDOWS\system32\scrobj.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\ProgID@ Scriptlet.TypeLib

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\common.js 5231 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\ConnIssue.htm 5403 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\constants.js 2151 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\icon_information_32x.gif 234 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\icon_warning_32x.gif 219 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\LearnInternet.htm 1633 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\RAHelp.htm 2317 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\RCMoreInfo.htm 2981 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Css 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Css\RAChat.css 1369 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Css\rc.css 2442 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Css\rcbuddy.css 1308 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\ding.wav 80856 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\helpeeaccept.htm 3907 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\Animation.gif 4756 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\combobox_line.gif 59 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\connected.gif 1094 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\DividerBar.gif 1024 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\DividerBar.htm 346 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\DownArrow.gif 838 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\RAChatClient.htm 8969 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\RAClient.htm 45530 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\RAClient.js 11254 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\RAStatusBar.htm 7140 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\RAToolBar.htm 11187 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\RAToolBar.xml 3172 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\rcscreen6_head.htm 1290 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\rctoolScreen1.htm 2496 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\setting.htm 6552 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\TakeControl.bmp 3898 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\TakeControl.gif 861 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\UpArrow.gif 834 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\attentioninteraction.gif 690 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\ErrorMsgs.htm 2086 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\HelpCenter.bmp 3898 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\HelpCenter.gif 845 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\hide-chat.gif 379 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\info.gif 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\Options.bmp 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\Options.gif 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\Quit.bmp 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\Quit.gif 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\RAControl.js 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\RCFileXfer.htm 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\SendChat.gif 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\SendFile.bmp 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\SendFile.gif 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\SendVoice.bmp 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\SendVoice.gif 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\SendVoiceOn.gif 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\show-chat.gif 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\voicefirewallmsg.htm 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\VOIPMsgs.htm 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\RAClientLayout.xml 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\RAHelpeeAcceptLayout.xml 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\RAIMLayout.xml 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\RAStartPage.htm 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\RAURA.xml 0 bytes
    File C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\rcBuddy.htm 0 bytes

    ---- EOF - GMER 1.0.15 ----
  • edited August 2009
    Do you still want me to scan with SysProt?
  • edited August 2009
    Theon804 wrote:
    Do you still want me to scan with SysProt?

    Yes please, that GMER log doesn't show any rootkit files.
    You mentioned that on the first run it did find some.
  • edited August 2009
    Alright.

    *will scan tonight whilst we all sleep and will be back with the log in the morning*
  • edited August 2009
    Oh, and I forgot to ask. Am I allowed to touch the computer whilst SysProt scans?
  • edited August 2009
    It's best not to use the computer during any of the scans we do.
  • edited August 2009
    SysProt AntiRootkit v1.0.1.0
    by swatkat

    ******************************************************************************************
    ******************************************************************************************

    Process:
    Name: [System Idle Process]
    PID: 0
    Hidden: No
    Window Visible: No

    Name: System
    PID: 4
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\smss.exe
    PID: 568
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\csrss.exe
    PID: 616
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\winlogon.exe
    PID: 648
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\services.exe
    PID: 696
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\lsass.exe
    PID: 708
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\ati2evxx.exe
    PID: 904
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\svchost.exe
    PID: 924
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\svchost.exe
    PID: 980
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\svchost.exe
    PID: 1100
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\svchost.exe
    PID: 1152
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\ati2evxx.exe
    PID: 1216
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\svchost.exe
    PID: 1332
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\spoolsv.exe
    PID: 1488
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\explorer.exe
    PID: 1964
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\svchost.exe
    PID: 2036
    Hidden: No
    Window Visible: No

    Name: C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    PID: 152
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PID: 180
    Hidden: No
    Window Visible: No

    Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    PID: 232
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Bonjour\mDNSResponder.exe
    PID: 324
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\DRIVERS\dcfssvc.exe
    PID: 384
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\AVG\AVG8\avgrsx.exe
    PID: 1240
    Hidden: No
    Window Visible: No

    Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    PID: 1272
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PID: 1628
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\VolumeTouch\VolumeTouch.exe
    PID: 1696
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    PID: 1756
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    PID: 1788
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\svchost.exe
    PID: 1808
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    PID: 1820
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
    PID: 1992
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\wdfmgr.exe
    PID: 320
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PID: 1924
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Viewpoint\Common\ViewpointService.exe
    PID: 456
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    PID: 472
    Hidden: No
    Window Visible: No

    Name: C:\PROGRA~1\AVG\AVG8\avgemc.exe
    PID: 1816
    Hidden: No
    Window Visible: No

    Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe
    PID: 1168
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    PID: 252
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    PID: 1300
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\iTunes\iTunesHelper.exe
    PID: 596
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\DellSupport\DSAgnt.exe
    PID: 2056
    Hidden: No
    Window Visible: No

    Name: C:\Documents and Settings\All Users\Documents\Shared Programs\Digital Sticky Notes.exe
    PID: 2156
    Hidden: No
    Window Visible: Yes

    Name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PID: 2176
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\ctfmon.exe
    PID: 2192
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Digital Line Detect\DLG.exe
    PID: 2256
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe
    PID: 2416
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\iPod\bin\iPodService.exe
    PID: 3292
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\SYSTEM32\alg.exe
    PID: 3416
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    PID: 3716
    Hidden: No
    Window Visible: Yes

    Name: C:\Program Files\Mozilla Firefox\firefox.exe
    PID: 3944
    Hidden: No
    Window Visible: No

    Name: C:\Documents and Settings\Ted TM Sadler\Desktop\SysProt\SysProt.exe
    PID: 3864
    Hidden: No
    Window Visible: Yes

    ******************************************************************************************
    ******************************************************************************************
    Kernel Modules:
    Module Name: \??\C:\Documents and Settings\Ted TM Sadler\Desktop\SysProt\SysProtDrv.sys
    Service Name: SysProtDrv.sys
    Module Base: F7DED000
    Module End: F7DF8000
    Hidden: No

    Module Name: \WINDOWS\system32\ntkrnlpa.exe
    Service Name: ---
    Module Base: 804D7000
    Module End: 806E4000
    Hidden: No

    Module Name: \WINDOWS\system32\hal.dll
    Service Name: ---
    Module Base: 806E4000
    Module End: 80704D00
    Hidden: No

    Module Name: \WINDOWS\system32\KDCOM.DLL
    Service Name: ---
    Module Base: F8A67000
    Module End: F8A69000
    Hidden: No

    Module Name: \WINDOWS\system32\BOOTVID.dll
    Service Name: ---
    Module Base: F8977000
    Module End: F897A000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
    Service Name: ACPI
    Module Base: F8438000
    Module End: F8466000
    Hidden: No

    Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
    Service Name: ---
    Module Base: F8A69000
    Module End: F8A6B000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\pci.sys
    Service Name: PCI
    Module Base: F8427000
    Module End: F8438000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
    Service Name: isapnp
    Module Base: F8567000
    Module End: F8571000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\pciide.sys
    Service Name: PCIIde
    Module Base: F8B2F000
    Module End: F8B30000
    Hidden: No

    Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    Service Name: ---
    Module Base: F87E7000
    Module End: F87EE000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\aliide.sys
    Service Name: AliIde
    Module Base: F8A6B000
    Module End: F8A6D000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\cmdide.sys
    Service Name: CmdIde
    Module Base: F8A6D000
    Module End: F8A6F000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\toside.sys
    Service Name: TosIde
    Module Base: F8A6F000
    Module End: F8A71000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\viaide.sys
    Service Name: ViaIde
    Module Base: F8A71000
    Module End: F8A73000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\intelide.sys
    Service Name: IntelIde
    Module Base: F8A73000
    Module End: F8A75000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
    Service Name: MountMgr
    Module Base: F8577000
    Module End: F8582000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
    Service Name: Disk
    Module Base: F8408000
    Module End: F8427000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
    Service Name: PartMgr
    Module Base: F87EF000
    Module End: F87F4000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
    Service Name: VolSnap
    Module Base: F8587000
    Module End: F8594000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\cpqarray.sys
    Service Name: Cpqarray
    Module Base: F897B000
    Module End: F897F000
    Hidden: No

    Module Name: \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    Service Name: ScsiPort
    Module Base: F83F0000
    Module End: F8408000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\atapi.sys
    Service Name: atapi
    Module Base: F83D8000
    Module End: F83F0000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\aha154x.sys
    Service Name: Aha154x
    Module Base: F897F000
    Module End: F8983000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\sparrow.sys
    Service Name: Sparrow
    Module Base: F87F7000
    Module End: F87FC000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\symc810.sys
    Service Name: symc810
    Module Base: F8983000
    Module End: F8987000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\aic78xx.sys
    Service Name: aic78xx
    Module Base: F8597000
    Module End: F85A5000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\dac960nt.sys
    Service Name: dac960nt
    Module Base: F8987000
    Module End: F898B000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ql10wnt.sys
    Service Name: Ql10wnt
    Module Base: F85A7000
    Module End: F85B0000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\amsint.sys
    Service Name: amsint
    Module Base: F898B000
    Module End: F898E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\asc.sys
    Service Name: asc
    Module Base: F87FF000
    Module End: F8806000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\asc3550.sys
    Service Name: asc3550
    Module Base: F898F000
    Module End: F8993000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\mraid35x.sys
    Service Name: mraid35x
    Module Base: F8807000
    Module End: F880C000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\i2omp.sys
    Service Name: i2omp
    Module Base: F880F000
    Module End: F8814000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ini910u.sys
    Service Name: ini910u
    Module Base: F8993000
    Module End: F8997000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ql1240.sys
    Service Name: ql1240
    Module Base: F85B7000
    Module End: F85C1000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\aic78u2.sys
    Service Name: aic78u2
    Module Base: F85C7000
    Module End: F85D5000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\symc8xx.sys
    Service Name: symc8xx
    Module Base: F8817000
    Module End: F881F000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\sym_hi.sys
    Service Name: sym_hi
    Module Base: F881F000
    Module End: F8826000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\sym_u3.sys
    Service Name: sym_u3
    Module Base: F8827000
    Module End: F882F000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ABP480N5.SYS
    Service Name: abp480n5
    Module Base: F882F000
    Module End: F8835000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\asc3350p.sys
    Service Name: asc3350p
    Module Base: F8837000
    Module End: F883D000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\cd20xrnt.sys
    Service Name: cd20xrnt
    Module Base: F8A75000
    Module End: F8A77000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ultra.sys
    Service Name: ultra
    Module Base: F85D7000
    Module End: F85E0000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\adpu160m.sys
    Service Name: adpu160m
    Module Base: F83BF000
    Module End: F83D8000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\dpti2o.sys
    Service Name: dpti2o
    Module Base: F883F000
    Module End: F8844000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ql1080.sys
    Service Name: ql1080
    Module Base: F85E7000
    Module End: F85F1000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ql1280.sys
    Service Name: ql1280
    Module Base: F85F7000
    Module End: F8603000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ql12160.sys
    Service Name: ql12160
    Module Base: F8607000
    Module End: F8613000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\perc2.sys
    Service Name: perc2
    Module Base: F8847000
    Module End: F884E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\perc2hib.sys
    Service Name: perc2hib
    Module Base: F8A77000
    Module End: F8A79000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\hpn.sys
    Service Name: hpn
    Module Base: F884F000
    Module End: F8856000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\cbidf2k.sys
    Service Name: cbidf
    Module Base: F8997000
    Module End: F899B000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\dac2w2k.sys
    Service Name: dac2w2k
    Module Base: F8393000
    Module End: F83BF000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\disk.sys
    Service Name: ---
    Module Base: F8617000
    Module End: F8620000
    Hidden: No

    Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    Service Name: ---
    Module Base: F8627000
    Module End: F8634000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
    Service Name: FltMgr
    Module Base: F8373000
    Module End: F8393000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\sr.sys
    Service Name: sr
    Module Base: F8361000
    Module End: F8373000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\drvmcdb.sys
    Service Name: drvmcdb
    Module Base: F834C000
    Module End: F8361000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
    Service Name: PxHelp20
    Module Base: F8637000
    Module End: F8640000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
    Service Name: KSecDD
    Module Base: F8335000
    Module End: F834C000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
    Service Name: Ntfs
    Module Base: F82A8000
    Module End: F8335000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
    Service Name: NDIS
    Module Base: F827B000
    Module End: F82A8000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\sisagp.sys
    Service Name: sisagp
    Module Base: F8647000
    Module End: F8651000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\viaagp.sys
    Service Name: viaagp
    Module Base: F8657000
    Module End: F8662000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\Mup.sys
    Service Name: Mup
    Module Base: F8261000
    Module End: F827B000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\agp440.sys
    Service Name: agp440
    Module Base: F8667000
    Module End: F8672000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\alim1541.sys
    Service Name: alim1541
    Module Base: F8677000
    Module End: F8682000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\amdagp.sys
    Service Name: amdagp
    Module Base: F8687000
    Module End: F8692000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\agpCPQ.sys
    Service Name: agpCPQ
    Module Base: F8697000
    Module End: F86A2000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
    Service Name: intelppm
    Module Base: F8747000
    Module End: F8750000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    Service Name: ati2mtag
    Module Base: F7575000
    Module End: F7919000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
    Service Name: ---
    Module Base: F7393000
    Module End: F73A7000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    Service Name: usbuhci
    Module Base: F88A7000
    Module End: F88AD000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
    Service Name: ---
    Module Base: F7352000
    Module End: F7376000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
    Service Name: usbehci
    Module Base: F88AF000
    Module End: F88B7000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    Service Name: HSFHWBS2
    Module Base: F731E000
    Module End: F7352000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
    Service Name: ---
    Module Base: F72FB000
    Module End: F731E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    Service Name: HSF_DP
    Module Base: F71FC000
    Module End: F72FB000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    Service Name: winachsf
    Module Base: F7155000
    Module End: F71FC000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
    Service Name: Modem
    Module Base: F88B7000
    Module End: F88BF000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\e100b325.sys
    Service Name: E100B
    Module Base: F712F000
    Module End: F7155000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\smwdm.sys
    Service Name: smwdm
    Module Base: F7099000
    Module End: F712F000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\portcls.sys
    Service Name: ---
    Module Base: F7075000
    Module End: F7099000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\drmk.sys
    Service Name: ---
    Module Base: F8787000
    Module End: F8796000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\aeaudio.sys
    Service Name: aeaudio
    Module Base: F8ADB000
    Module End: F8ADD000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    Service Name: i8042prt
    Module Base: F79A9000
    Module End: F79B6000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    Service Name: Kbdclass
    Module Base: F88BF000
    Module End: F88C5000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
    Service Name: Mouclass
    Module Base: F88C7000
    Module End: F88CD000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
    Service Name: Parport
    Module Base: F7061000
    Module End: F7075000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
    Service Name: Serial
    Module Base: F7999000
    Module End: F79A9000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
    Service Name: serenum
    Module Base: F8229000
    Module End: F822D000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\sscdbhk5.sys
    Service Name: sscdbhk5
    Module Base: F8ADD000
    Module End: F8ADF000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
    Service Name: Cdrom
    Module Base: F7989000
    Module End: F7999000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
    Service Name: redbook
    Module Base: F7979000
    Module End: F7988000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
    Service Name: GEARAspiWDM
    Module Base: F7969000
    Module End: F7973000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
    Service Name: Imapi
    Module Base: F7939000
    Module End: F7944000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
    Service Name: audstub
    Module Base: F8C68000
    Module End: F8C69000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    Service Name: Rasl2tp
    Module Base: F7929000
    Module End: F7936000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    Service Name: NdisTapi
    Module Base: F821D000
    Module End: F8220000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    Service Name: NdisWan
    Module Base: F704A000
    Module End: F7061000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    Service Name: RasPppoe
    Module Base: F7919000
    Module End: F7924000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
    Service Name: PptpMiniport
    Module Base: F8797000
    Module End: F87A3000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
    Service Name: ---
    Module Base: F88CF000
    Module End: F88D4000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
    Service Name: PSched
    Module Base: F7039000
    Module End: F704A000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
    Service Name: Gpc
    Module Base: F87A7000
    Module End: F87B0000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
    Service Name: Ptilink
    Module Base: F88D7000
    Module End: F88DC000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
    Service Name: Raspti
    Module Base: F88DF000
    Module End: F88E4000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    Service Name: wanatw
    Module Base: F88E7000
    Module End: F88ED000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
    Service Name: TermDD
    Module Base: F87B7000
    Module End: F87C1000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
    Service Name: swenum
    Module Base: F8ADF000
    Module End: F8AE1000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
    Service Name: Update
    Module Base: F6FBF000
    Module End: F701D000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    Service Name: mssmbios
    Module Base: F8160000
    Module End: F8164000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\omci.sys
    Service Name: omci
    Module Base: F88EF000
    Module End: F88F4000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
    Service Name: NDProxy
    Module Base: F8209000
    Module End: F8213000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
    Service Name: usbhub
    Module Base: F81F9000
    Module End: F8208000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
    Service Name: ---
    Module Base: F8AE1000
    Module End: F8AE3000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\MODEMCSA.sys
    Service Name: MODEMCSA
    Module Base: F8A17000
    Module End: F8A1B000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
    Service Name: i2omgmt
    Module Base: F8A3B000
    Module End: F8A3E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\DcCam.sys
    Service Name: DcCam
    Module Base: F81C9000
    Module End: F81D2000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\EXPORTIT.SYS
    Service Name: Exportit
    Module Base: EED9A000
    Module End: EEDBB000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
    Service Name: Null
    Module Base: F8C08000
    Module End: F8C09000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
    Service Name: Beep
    Module Base: F8AEF000
    Module End: F8AF1000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ssrtln.sys
    Service Name: ssrtln
    Module Base: F88FF000
    Module End: F8905000
    Hidden: No

    Module Name: C:\WINDOWS\System32\drivers\vga.sys
    Service Name: VgaSave
    Module Base: F8907000
    Module End: F890D000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
    Service Name: mnmdd
    Module Base: F8AF5000
    Module End: F8AF7000
    Hidden: No

    Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
    Service Name: RDPCDD
    Module Base: F8AF7000
    Module End: F8AF9000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
    Service Name: Npfs
    Module Base: F8917000
    Module End: F891F000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
    Service Name: RasAcd
    Module Base: F8A47000
    Module End: F8A4A000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
    Service Name: IPSec
    Module Base: EED17000
    Module End: EED2A000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
    Service Name: Tcpip
    Module Base: EECBE000
    Module End: EED17000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
    Service Name: AvgTdiX
    Module Base: EECA5000
    Module End: EECBE000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
    Service Name: IpNat
    Module Base: EEC7F000
    Module End: EECA5000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
    Service Name: NetBT
    Module Base: EEC57000
    Module End: EEC7F000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
    Service Name: Wanarp
    Module Base: F8199000
    Module End: F81A2000
    Hidden: No

    Module Name: C:\WINDOWS\System32\drivers\afd.sys
    Service Name: AFD
    Module Base: EEC35000
    Module End: EEC57000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
    Service Name: NetBIOS
    Module Base: F8189000
    Module End: F8192000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
    Service Name: Rdbss
    Module Base: EEC0A000
    Module End: EEC35000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    Service Name: MRxSmb
    Module Base: EEB9A000
    Module End: EEC0A000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
    Service Name: Fips
    Module Base: F8179000
    Module End: F8184000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys
    Service Name: AvgMfx86
    Module Base: F891F000
    Module End: F8925000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys
    Service Name: AvgLdx86
    Module Base: EEB49000
    Module End: EEB9A000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
    Service Name: Cdfs
    Module Base: F86E7000
    Module End: F86F7000
    Hidden: No

    Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
    Service Name: ---
    Module Base: EEB09000
    Module End: EEB21000
    Hidden: Yes

    Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    Service Name: ---
    Module Base: F8A7B000
    Module End: F8A7D000
    Hidden: Yes

    Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
    Service Name: ---
    Module Base: F8A2F000
    Module End: F8A32000
    Hidden: No

    Module Name: C:\WINDOWS\System32\watchdog.sys
    Service Name: ---
    Module Base: F887F000
    Module End: F8884000
    Hidden: No

    Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
    Service Name: ---
    Module Base: F8BF2000
    Module End: F8BF3000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\drvnddm.sys
    Service Name: drvnddm
    Module Base: F7959000
    Module End: F7963000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\dcfs2k.sys
    Service Name: DCFS2K
    Module Base: F7949000
    Module End: F7952000
    Hidden: No

    Module Name: C:\WINDOWS\system32\dla\tfsndres.sys
    Service Name: tfsndres
    Module Base: F8C50000
    Module End: F8C51000
    Hidden: No

    Module Name: C:\WINDOWS\system32\dla\tfsnifs.sys
    Service Name: tfsnifs
    Module Base: EC7B3000
    Module End: EC7C9000
    Hidden: No

    Module Name: C:\WINDOWS\system32\dla\tfsnopio.sys
    Service Name: tfsnopio
    Module Base: EC8E1000
    Module End: EC8E5000
    Hidden: No

    Module Name: C:\WINDOWS\system32\dla\tfsnpool.sys
    Service Name: tfsnpool
    Module Base: F8AA3000
    Module End: F8AA5000
    Hidden: No

    Module Name: C:\WINDOWS\system32\dla\tfsnboio.sys
    Service Name: tfsnboio
    Module Base: EED62000
    Module End: EED69000
    Hidden: No

    Module Name: C:\WINDOWS\system32\dla\tfsncofs.sys
    Service Name: tfsncofs
    Module Base: F81D9000
    Module End: F81E2000
    Hidden: No

    Module Name: C:\WINDOWS\system32\dla\tfsndrct.sys
    Service Name: tfsndrct
    Module Base: F8C52000
    Module End: F8C53000
    Hidden: No

    Module Name: C:\WINDOWS\system32\dla\tfsnudf.sys
    Service Name: tfsnudf
    Module Base: EC79A000
    Module End: EC7B3000
    Hidden: No

    Module Name: C:\WINDOWS\system32\dla\tfsnudfa.sys
    Service Name: tfsnudfa
    Module Base: EC781000
    Module End: EC79A000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    Service Name: Ndisuio
    Module Base: EC7D1000
    Module End: EC7D5000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
    Service Name: wdmaud
    Module Base: EC44C000
    Module End: EC461000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
    Service Name: sysaudio
    Module Base: EC621000
    Module End: EC630000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    Service Name: MRxDAV
    Module Base: EC211000
    Module End: EC23E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
    Service Name: dsunidrv
    Module Base: F8AA7000
    Module End: F8AA9000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    Service Name: mdmxsdk
    Module Base: EC246000
    Module End: EC249000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
    Service Name: Srv
    Module Base: EC007000
    Module End: EC059000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
    Service Name: Secdrv
    Module Base: EC881000
    Module End: EC88B000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
    Service Name: HidUsb
    Module Base: EB95B000
    Module End: EB95E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
    Service Name: ---
    Module Base: EC43C000
    Module End: EC445000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
    Service Name: ---
    Module Base: F885F000
    Module End: F8866000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
    Service Name: mouhid
    Module Base: EEE5D000
    Module End: EEE60000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    Service Name: usbccgp
    Module Base: EED2A000
    Module End: EED32000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\usbscan.sys
    Service Name: usbscan
    Module Base: F701D000
    Module End: F7021000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\usbprint.sys
    Service Name: usbprint
    Module Base: F8927000
    Module End: F892E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
    Service Name: kmixer
    Module Base: F7D62000
    Module End: F7D8D000
    Hidden: No

    ******************************************************************************************
    ******************************************************************************************
    No SSDT Hooks found

    ******************************************************************************************
    ******************************************************************************************
    No Kernel Hooks found

    ******************************************************************************************
    ******************************************************************************************
    No IRP Hooks found

    ******************************************************************************************
    ******************************************************************************************
    Ports:
    Local Address: SADLERHOME.GHA.CHARTERMI.NET:4727
    Remote Address: WWW-10-03-ASH1.FACEBOOK.COM:HTTP
    Type: TCP
    Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    State: FIN_WAIT1

    Local Address: SADLERHOME.GHA.CHARTERMI.NET:4446
    Remote Address: WWW-10-03-ASH1.FACEBOOK.COM:HTTP
    Type: TCP
    Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    State: FIN_WAIT1

    Local Address: SADLERHOME.GHA.CHARTERMI.NET:4338
    Remote Address: WWW-10-03-ASH1.FACEBOOK.COM:HTTP
    Type: TCP
    Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    State: FIN_WAIT1

    Local Address: SADLERHOME.GHA.CHARTERMI.NET:1322
    Remote Address: 74.125.170.147:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: SADLERHOME.GHA.CHARTERMI.NET:1319
    Remote Address: 74.125.170.147:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: SADLERHOME.GHA.CHARTERMI.NET:1316
    Remote Address: 74.125.170.147:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: SADLERHOME.GHA.CHARTERMI.NET:NETBIOS-SSN
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: System
    State: LISTENING

    Local Address: SADLERHOME:27015
    Remote Address: LOCALHOST:1030
    Type: TCP
    Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    State: ESTABLISHED

    Local Address: SADLERHOME:27015
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    State: LISTENING

    Local Address: SADLERHOME:19944
    Remote Address: LOCALHOST:1320
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: SADLERHOME:19944
    Remote Address: LOCALHOST:1317
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: SADLERHOME:19944
    Remote Address: LOCALHOST:1314
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: SADLERHOME:19944
    Remote Address: LOCALHOST:1311
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: SADLERHOME:19944
    Remote Address: LOCALHOST:1305
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: SADLERHOME:19944
    Remote Address: LOCALHOST:1227
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: SADLERHOME:19944
    Remote Address: LOCALHOST:1165
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: SADLERHOME:19944
    Remote Address: LOCALHOST:1153
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: SADLERHOME:19944
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\Program Files\Mozilla Firefox\firefox.exe
    State: LISTENING

    Local Address: SADLERHOME:18080
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    State: LISTENING

    Local Address: SADLERHOME:13128
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    State: LISTENING

    Local Address: SADLERHOME:10110
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
    State: LISTENING

    Local Address: SADLERHOME:10080
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    State: LISTENING

    Local Address: SADLERHOME:5354
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\Program Files\Bonjour\mDNSResponder.exe
    State: LISTENING

    Local Address: SADLERHOME:1330
    Remote Address: LOCALHOST:1329
    Type: TCP
    Process: C:\Program Files\Mozilla Firefox\firefox.exe
    State: ESTABLISHED

    Local Address: SADLERHOME:1329
    Remote Address: LOCALHOST:1330
    Type: TCP
    Process: C:\Program Files\Mozilla Firefox\firefox.exe
    State: ESTABLISHED

    Local Address: SADLERHOME:1328
    Remote Address: LOCALHOST:1327
    Type: TCP
    Process: C:\Program Files\Mozilla Firefox\firefox.exe
    State: ESTABLISHED

    Local Address: SADLERHOME:1327
    Remote Address: LOCALHOST:1328
    Type: TCP
    Process: C:\Program Files\Mozilla Firefox\firefox.exe
    State: ESTABLISHED

    Local Address: SADLERHOME:1321
    Remote Address: LOCALHOST:10080
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: SADLERHOME:1318
    Remote Address: LOCALHOST:10080
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: SADLERHOME:1315
    Remote Address: LOCALHOST:10080
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: SADLERHOME:1032
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\WINDOWS\SYSTEM32\alg.exe
    State: LISTENING

    Local Address: SADLERHOME:1030
    Remote Address: LOCALHOST:27015
    Type: TCP
    Process: C:\Program Files\iTunes\iTunesHelper.exe
    State: ESTABLISHED

    Local Address: SADLERHOME:MICROSOFT-DS
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: System
    State: LISTENING

    Local Address: SADLERHOME:EPMAP
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\WINDOWS\SYSTEM32\svchost.exe
    State: LISTENING

    Local Address: SADLERHOME.GHA.CHARTERMI.NET:5353
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Bonjour\mDNSResponder.exe
    State: NA

    Local Address: SADLERHOME.GHA.CHARTERMI.NET:138
    Remote Address: NA
    Type: UDP
    Process: System
    State: NA

    Local Address: SADLERHOME.GHA.CHARTERMI.NET:NETBIOS-NS
    Remote Address: NA
    Type: UDP
    Process: System
    State: NA

    Local Address: SADLERHOME.GHA.CHARTERMI.NET:123
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\SYSTEM32\svchost.exe
    State: NA

    Local Address: SADLERHOME:123
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\SYSTEM32\svchost.exe
    State: NA

    Local Address: SADLERHOME:54610
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Bonjour\mDNSResponder.exe
    State: NA

    Local Address: SADLERHOME:4500
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\SYSTEM32\lsass.exe
    State: NA

    Local Address: SADLERHOME:1029
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Bonjour\mDNSResponder.exe
    State: NA

    Local Address: SADLERHOME:500
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\SYSTEM32\lsass.exe
    State: NA

    Local Address: SADLERHOME:MICROSOFT-DS
    Remote Address: NA
    Type: UDP
    Process: System
    State: NA

    ******************************************************************************************
    ******************************************************************************************
    Hidden files/folders:
    Object: C:\Documents and Settings\Ted TM Sadler\Local Settings\Application Data\Microsoft\Messenger\IAm_Resolved804@peoplepc.com\SharingMetadata\fooliest_3192@yahoo.com\DFSR\Staging\CS{95FD86EF-C9C4-424E-7B01-7F54E32FC2D0}\01\10-{95FD86EF-C9C4-424E-7B01-7F54E32FC
    Status: Hidden

    Object: C:\Documents and Settings\Ted TM Sadler\Local Settings\Temp\Temporary Internet Files\Content.IE5\CYO12L82\sw1%253a%2521fchandoff%252csw2%253a%2521fchandoff%252csw3%253a%2521fchandoff%26f%3D150550152%26id%3D7%26cbk%3Dfcloaded%26tgt%3D_bl,;dcopt=rcl;mtfIFPa
    Status: Hidden

    Object: C:\Documents and Settings\Ted TM Sadler\Local Settings\Temp\Temporary Internet Files\Content.IE5\CYO12L82\ZH9N8XJKTP96BLH&cookie=F5XKUQQWJAY4ZVEUGJ3HX1X1WU8HYXWH&browsertoken=U&platformtoken=Win32&language=en-us&pagetitle=Nexplore%20Search&referer=&screen
    Status: Hidden

    Object: C:\Documents and Settings\Ted TM Sadler\Local Settings\Temp\Temporary Internet Files\Content.IE5\WITTGQK9\0b3duBG5fdHlwAzIEc2NsYWJlbANHdXJuZWUsIElsbGlub2lzBHNlYwNpbmxpbmUEc2xrA2VudGl0eWhvdmVyX2NvBHVybANodHRwOi8vYjEyLm1haWwueWFob28uY29tL2RjL2xhdW5jaD8Edmlz
    Status: Hidden

    Object: C:\Documents and Settings\Ted TM Sadler\Local Settings\Temp\Temporary Internet Files\Content.IE5\WITTGQK9\sw1%253a%2521fchandoff%252csw2%253a%2521fchandoff%252csw3%253a%2521fchandoff%26f%3D150550689%26id%3D4%26cbk%3Dfcloaded%26tgt%3D_bl,;dcopt=rcl;mtfIFPa
    Status: Hidden

    Object: C:\Documents and Settings\Ted TM Sadler\Local Settings\Temp\Temporary Internet Files\Content.IE5\WITTGQK9\vd2lraQRuX3R5cAMxBHNjbGFiZWwDUHVibGljIEFjY2VzcwRzZWMDaW5saW5lBHNsawNlbnRpdHlob3Zlcl9jbwR1cmwDaHR0cDovL2IxMi5tYWlsLnlhaG9vLmNvbS9kYy9sYXVuY2g_BHZpc2li
    Status: Hidden

    Object: C:\Documents and Settings\Ted TM Sadler\My Documents\My Music\iTunes\iTunes Music\Various Artist
    Status: Hidden

    Object: C:\System Volume Information\MountPointManagerRemoteDatabase
    Status: Access denied

    Object: C:\System Volume Information\tracking.log
    Status: Access denied

    Object: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}
    Status: Access denied
  • edited August 2009
    Step 1

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Step 2


    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double-click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.
    For instructions on how to disable your security programs, please see this topic
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs



    Logs/Information to Post in Reply
    Please post the following logs/information in your reply.
    Some of the logs I request will be quite large; you may need to split them over a couple of replies.
    • MalwareBytes Log
    • Combofix Log
    • How are things running now?
    Additional Notes



    Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

    There is a newer version of Adobe Acrobat Reader available.
    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button.
    • Click Run, and click Run again.
    • Next click the Install Now button and follow the on-screen prompts.




    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please download Java SE Runtime Environment (JRE). (Don't install it yet.)
    • Scroll down to where it says "Java SE Runtime Environment (JRE)".
    • Click the "Download" button to the right.
      • Platform = Windows
      • Language = Multi Language
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


    Now download JavaRa and unzip it to your desktop.

    ***Please close any instances of Internet Explorer (or other web browser) before continuing!***

    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.


    Now install the Java SE Runtime Environment (JRE) package you downloaded
    (it comes with a toolbar pre-selected, so make sure you uncheck the box).

    You can delete JavaRa (zip and exe).
  • edited August 2009
    MalwareBytes' Log

    Malwarebytes' Anti-Malware 1.40
    Database version: 2574
    Windows 5.1.2600 Service Pack 3

    8/7/2009 12:24:25 PM
    mbam-log-2009-08-07 (12-24-24).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 262041
    Time elapsed: 2 hour(s), 28 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 4
    Registry Keys Infected: 4
    Registry Values Infected: 1
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\SYSTEM32\yahimeyo.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\jifuharu.dll (Trojan.Vundo.H) -> Delete on reboot.
    c:\WINDOWS\SYSTEM32\jotogeni.dll (Trojan.Vundo) -> Delete on reboot.
    c:\WINDOWS\SYSTEM32\wolijuke.dll (Trojan.Vundo) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{400ccfef-7e5c-4153-b52c-6e798b6c2132} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{400ccfef-7e5c-4153-b52c-6e798b6c2132} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{400ccfef-7e5c-4153-b52c-6e798b6c2132} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\balewipobe (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jifuharu.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jifuharu.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jifuharu.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\SYSTEM32\yahimeyo.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\hakobiwa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\jifuharu.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\vatojeli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\jotogeni.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\nozegako.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\wolijuke.dll (Trojan.Vundo) -> Delete on reboot.
  • edited August 2009
    ComboFix Log:

    ComboFix 09-08-06.01 - Ted TM Sadler 08/07/2009 13:24.1.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.223 [GMT -4:00]
    Running from: c:\documents and settings\Ted TM Sadler\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Documents\MSPAINT.EXE
    c:\program files\INSTALL.LOG
    c:\windows\system32\bazoveza.dll
    c:\windows\system32\bszip.dll
    c:\windows\system32\buloboti.dll
    c:\windows\system32\fonemike.dll
    c:\windows\system32\gakofavo.dll
    c:\windows\system32\gayujoje.dll
    c:\windows\system32\jifafusu.dll
    c:\windows\system32\juvokose.dll
    c:\windows\system32\kekasika.dll
    c:\windows\system32\kepapuvo.dll
    c:\windows\system32\kutipani.dll
    c:\windows\system32\lamisefi.dll
    c:\windows\system32\loboseta.dll
    c:\windows\system32\luribepo.dll
    c:\windows\system32\majasohi.dll
    c:\windows\system32\musivopa.dll
    c:\windows\system32\pewodaju.dll
    c:\windows\system32\saduyome.dll
    c:\windows\system32\temekatu.dll
    c:\windows\system32\vetahadu.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
    .

    2009-08-05 22:51 . 2009-08-05 22:52 d-----w- C:\rsit
    2009-08-05 00:08 . 2009-08-05 00:08 d-----w- c:\documents and settings\Ted Sadler\Application Data\Malwarebytes
    2009-08-04 13:17 . 2009-08-04 13:17 d-----w- c:\documents and settings\Ted TM Sadler\Application Data\Malwarebytes
    2009-08-04 13:17 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-04 13:17 . 2009-08-04 13:17 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-04 13:17 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-04 13:17 . 2009-08-04 13:17 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-02 20:23 . 2009-08-02 20:23 d-----w- c:\program files\Trend Micro
    2009-07-24 22:18 . 2009-07-24 22:30 d-----w- c:\documents and settings\Kaitlyn Sadler\Local Settings\Application Data\AskToolbar
    2009-07-24 00:43 . 2009-07-24 00:43 d-----w- c:\documents and settings\Amy Sadler\Local Settings\Application Data\AskToolbar
    2009-07-22 01:41 . 2009-07-23 02:56 d-----w- c:\program files\Windows Live Safety Center
    2009-07-20 21:09 . 2009-07-20 21:09 d-sh--w- c:\documents and settings\Kaitlyn Sadler\PrivacIE
    2009-07-20 14:21 . 2009-07-20 14:21 d-----w- c:\program files\iPod
    2009-07-20 14:10 . 2009-07-20 14:10 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
    2009-07-18 23:20 . 2009-07-18 23:20 d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-07-18 22:29 . 2009-07-18 22:30 d-----w- c:\program files\Messenger Plus! Live
    2009-07-18 12:12 . 2009-07-05 13:17 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
    2009-07-18 12:12 . 2009-07-05 13:17 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-07-18 12:12 . 2009-07-05 13:16 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
    2009-07-18 12:12 . 2009-07-05 13:16 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
    2009-07-18 12:12 . 2009-07-05 13:16 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
    2009-07-18 12:12 . 2009-07-05 13:16 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
    2009-07-18 12:12 . 2009-07-05 13:16 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
    2009-07-18 12:12 . 2009-07-05 13:16 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
    2009-07-18 12:12 . 2009-07-05 13:16 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
    2009-07-18 12:12 . 2009-07-05 13:16 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
    2009-07-18 12:12 . 2009-07-05 13:16 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
    2009-07-16 17:58 . 2009-07-25 14:38 d-----w- c:\documents and settings\Ted Sadler\Local Settings\Application Data\AskToolbar
    2009-07-16 12:28 . 2009-07-16 13:11 d-----w- c:\documents and settings\Ted TM Sadler\Application Data\mIRC
    2009-07-16 12:28 . 2009-07-16 13:03 d-----w- c:\program files\mIRC
    2009-07-15 22:28 . 2009-07-15 22:28 d-----w- c:\documents and settings\Ted TM Sadler\Application Data\AskToolbar
    2009-07-15 22:28 . 2009-08-07 02:28 d-----w- c:\documents and settings\Ted TM Sadler\Local Settings\Application Data\AskToolbar
    2009-07-15 22:06 . 2009-07-15 22:06 d-----w- c:\program files\Ask.com
    2009-07-13 01:15 . 2009-07-13 01:15 d-----w- c:\documents and settings\Ted TM Sadler\Application Data\Nikon
    2009-07-10 10:07 . 2009-07-10 10:07 d-sh--w- c:\documents and settings\Ted Sadler\IECompatCache
    2009-07-10 10:03 . 2009-07-10 10:03 d-sh--w- c:\documents and settings\Ted Sadler\PrivacIE
    2009-07-10 10:01 . 2009-07-10 10:01 d-sh--w- c:\documents and settings\Ted Sadler\IETldCache
    2009-07-10 01:18 . 2009-07-10 01:18 d-sh--w- c:\documents and settings\Amy Sadler\PrivacIE
    2009-07-09 02:34 . 2009-07-09 02:34 d-----w- c:\windows\ie8updates
    2009-07-09 01:24 . 2009-07-09 01:24 d-sh--w- c:\documents and settings\Ted TM Sadler\PrivacIE
    2009-07-09 01:10 . 2009-07-09 01:11 d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-07-08 22:10 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-08 22:10 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-08 21:30 . 2009-07-13 15:13 d-----w- c:\documents and settings\Ted TM Sadler\Application Data\GameRanger

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-07 16:40 . 2005-04-08 00:59 d-----w- c:\program files\Dl_cats
    2009-08-07 15:12 . 2008-07-03 03:00 d-----w- c:\program files\Mozilla Thunderbird
    2009-08-06 01:12 . 2009-05-06 01:12 85504 --sha-w- c:\windows\system32\sahewowe.dll
    2009-08-05 13:44 . 2007-01-22 01:23 d-----w- c:\program files\e-Sword
    2009-08-05 13:12 . 2009-05-05 13:12 84992 --sha-w- c:\windows\system32\nisimose.dll
    2009-08-05 01:12 . 2009-05-05 01:12 84992 --sha-w- c:\windows\system32\jinuyeju.dll
    2009-08-04 01:59 . 2009-05-04 01:59 50176 --sha-w- c:\windows\system32\hewigaga.dll
    2009-08-04 01:59 . 2009-05-04 01:59 84992 --sha-w- c:\windows\system32\daforumu.dll
    2009-08-03 13:55 . 2009-05-03 13:54 49664 --sha-w- c:\windows\system32\tanetezo.dll
    2009-08-03 13:32 . 2009-05-03 13:32 83968 --sha-w- c:\windows\system32\dasofupu.dll
    2009-08-03 01:12 . 2009-05-03 01:12 50176 --sha-w- c:\windows\system32\pimitufo.dll
    2009-08-03 01:12 . 2009-05-03 01:12 83968 --sha-w- c:\windows\system32\buwelahi.dll
    2009-08-02 13:11 . 2009-05-02 13:11 84480 --sha-w- c:\windows\system32\jetuvuna.dll
    2009-08-01 23:47 . 2008-06-04 16:01 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
    2009-07-24 22:30 . 2005-04-07 23:58 d-----w- c:\program files\Google
    2009-07-24 00:14 . 2005-04-08 01:43 d-----w- c:\program files\Quicken
    2009-07-20 14:22 . 2007-03-26 03:51 d-----w- c:\program files\iTunes
    2009-07-20 14:20 . 2007-10-28 13:45 d-----w- c:\program files\Common Files\Apple
    2009-07-18 22:25 . 2009-02-01 00:16 d-----w- c:\documents and settings\Ted TM Sadler\Application Data\Apple Computer
    2009-07-18 12:12 . 2009-03-15 17:42 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-07-09 16:35 . 2009-05-29 14:20 d-----w- c:\program files\Teamspeak2_RC2
    2009-07-09 14:55 . 2009-02-08 19:36 d-----w- c:\documents and settings\Ted TM Sadler\Application Data\NCH Swift Sound
    2009-07-09 14:55 . 2006-10-15 17:54 d-----w- c:\program files\NCH Swift Sound
    2009-07-09 14:54 . 2008-05-19 00:39 d-----w- c:\program files\Winamp
    2009-07-09 14:24 . 2009-03-15 17:30 d-----w- c:\program files\QuickTime
    2009-07-09 12:12 . 2009-05-29 14:20 d-----w- c:\documents and settings\Ted TM Sadler\Application Data\teamspeak2
    2009-07-08 21:31 . 2009-02-19 22:21 d-----w- c:\documents and settings\Ted TM Sadler\Application Data\WeatherBug
    2009-07-08 19:59 . 2009-02-17 23:15 d-----w- c:\documents and settings\Ted TM Sadler\Application Data\AdobeUM
    2009-07-05 13:17 . 2009-03-15 17:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-07-05 13:17 . 2007-03-18 20:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-07-03 17:09 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-23 20:21 . 2009-02-01 00:08 d-----w- c:\documents and settings\Ted TM Sadler\Application Data\GOODSEARCH
    2009-06-16 14:36 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2004-08-04 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-13 07:04 . 2009-01-09 00:06 d-----w- c:\program files\Microsoft Works
    2009-06-13 01:22 . 2009-06-13 01:22 d-----w- c:\program files\Microsoft
    2009-06-13 01:21 . 2009-06-13 01:21 d-----w- c:\program files\Windows Live SkyDrive
    2009-06-13 01:21 . 2008-03-08 22:32 d-----w- c:\program files\Windows Live
    2009-06-12 22:19 . 2009-06-12 22:19 d-----w- c:\program files\Common Files\Windows Live
    2009-06-12 21:59 . 2007-01-22 01:26 d-----w- c:\program files\Sierra On-Line
    2009-06-04 00:06 . 2007-01-12 02:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-06-03 19:09 . 2004-08-04 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-23 13:27 . 2009-03-15 17:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-05-22 21:47 . 2009-02-24 02:13 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-05-22 18:55 . 2008-02-27 21:37 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2009-05-22 18:55 . 2008-02-27 21:37 17212 ----atw- c:\windows\system32\SIntf32.dll
    2009-05-22 18:55 . 2008-02-27 21:37 12067 ----atw- c:\windows\system32\SIntf16.dll
    2003-12-18 15:33 . 2009-02-24 00:43 20102 -c--a-w- c:\program files\Readme.txt
    2003-09-03 11:46 . 2009-02-24 00:43 10960 -c--a-w- c:\program files\EULA.txt
    2009-05-04 02:10 . 2009-05-04 02:10 50176 --sha-w- c:\windows\SYSTEM32\guyetisu.dll
    2009-05-03 14:06 . 2009-05-03 14:06 49664 --sha-w- c:\windows\SYSTEM32\kiremava.dll
    2009-05-03 01:13 . 2009-05-03 01:13 50176 --sha-w- c:\windows\SYSTEM32\kusoyaji.dll.tmp
    2009-05-03 14:06 . 2009-05-03 14:06 49664 --sha-w- c:\windows\SYSTEM32\supilime.dll.tmp
    2009-05-04 02:10 . 2009-05-04 02:10 50176 --sha-w- c:\windows\SYSTEM32\tigifofi.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-07-13 23:01 1168264 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-13 1168264]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-13 1168264]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "FreeNote"="c:\documents and settings\All Users\Documents\Shared Programs\Digital Sticky Notes.exe" [2004-02-28 94208]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
    "VolumeTouch"="c:\program files\VolumeTouch\VolumeTouch.exe" [2005-07-22 184320]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-05 1948440]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

    c:\documents and settings\Amy Sadler\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2006-3-26 189952]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-3-29 24576]
    Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-7-30 53248]
    Quicken Startup.lnk - c:\program files\Quicken\QWDLLS.EXE [2002-7-30 36864]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-07-05 13:17 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
    backup=c:\windows\pss\Billminder.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
    backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
    backup=c:\windows\pss\Office Startup.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\BZFLAG\\bzflag.exe"=
    "c:\\Program Files\\BZFlag2.0.10rc3\\bzflag.exe"=
    "c:\\Program Files\\BZFLAG\\bzfs.exe"=
    "c:\\Program Files\\BZFlag2.0.10rc3\\bzfs.exe"=
    "c:\\Sierra\\Homeworld\\homeworld.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
    "c:\\Program Files\\NetMeeting\\CONF.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
    "c:\\Documents and Settings\\Ted TM Sadler\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
    "c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9339:TCP"= 9339:TCP:Poker

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [3/15/2009 1:42 PM 335752]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [3/15/2009 1:42 PM 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/15/2009 1:42 PM 907032]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/15/2009 1:41 PM 298776]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/8/2008 6:32 PM 24652]
    S2 mrtRate;mrtRate; [x]
    S3 gbalink;GBA Link Driver (gbalink.sys);c:\windows\SYSTEM32\DRIVERS\gbalink.sys [2/10/2008 9:43 PM 19677]
    S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\TEDTMS~1\LOCALS~1\Temp\jnv4_mib.sys --> c:\docume~1\TEDTMS~1\LOCALS~1\Temp\jnv4_mib.sys [?]
    S3 LTower;LEGO USB Tower Driver;c:\windows\SYSTEM32\DRIVERS\LTower.sys [12/26/2005 12:15 PM 36981]
    S3 qslwdmsu;qslwdmsu;\??\c:\docume~1\TEDTMS~1\LOCALS~1\Temp\qslwdmsu.sys --> c:\docume~1\TEDTMS~1\LOCALS~1\Temp\qslwdmsu.sys [?]
    S3 TdcLps;TdcLps;\??\c:\docume~1\TEDTMS~1\LOCALS~1\Temp\TdcLps.sys --> c:\docume~1\TEDTMS~1\LOCALS~1\Temp\TdcLps.sys [?]
    S3 wip0204;Wippien Network Adapter 2.4;c:\windows\SYSTEM32\DRIVERS\wip0204.sys [8/17/2008 2:01 PM 23480]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2009-07-13 23:01]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Aim6 - (no file)


    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.dell4me.com/myway
    uInternet Connection Wizard,ShellNext = https://en-us.add-ons.mozilla.com/en-US/thunderbird/2.0.0.17/themes/
    IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    DPF: {00C7C2A0-8B82-11D1-8B57-00A0C98CD92B} - hxxps://www.ucctops.com/UCC/ARVIEWER.CAB
    DPF: {0914A6AD-B2B2-489D-9F8A-65AC0892C16F} - hxxps://www.ucctops.com/UCC/OUTLOADACTIVEX.CAB
    DPF: {110684D6-FD55-11D4-B95D-0008C7BBC99A} - hxxps://www.ucctops.com/UCC/UCCCENTEREMP.CAB
    DPF: {198D7217-D4DE-4F1C-9653-67FA935BBF2E} - hxxps://www.ucctops.com/UCC/UCCMEMBERCOMMENT.CAB
    DPF: {37EDD7F1-F9D2-11D3-B92F-0008C7B328E7} - hxxps://www.ucctops.com/UCC/UCCVENDORCOMMENT.CAB
    DPF: {3AB35C72-FBC9-11D4-B95A-0008C7BBC99A} - hxxps://www.ucctops.com/UCC/UCCVENDOR_CENTER.CAB
    DPF: {3E868D8B-D560-11D3-B8E1-0008C7B328E7} - hxxps://www.ucctops.com/UCC/UCCVENDORCONTACT.CAB
    DPF: {508CF561-90FD-11D3-B86B-0008C7B328E7} - hxxps://www.ucctops.com/UCC/UCCORDEREDITEMS.CAB
    DPF: {5F7EF593-FD4C-11D4-B95D-0008C7BBC99A} - hxxps://www.ucctops.com/UCC/UCCVENDOREMP.CAB
    DPF: {6DCE5A95-534F-4589-8F34-B80BD8F86A23} - hxxps://www.ucctops.com/UCC/UCCFEESCENTER.CAB
    DPF: {719D6B64-25D8-11D4-B85E-0008C7BBC99A} - hxxps://www.ucctops.com/ucc/OrderPayment.CAB
    DPF: {7F3AADF6-83B7-4993-92D3-5AF9AE33F0F0} - hxxps://www.ucctops.com/cabs/UCCDate.CAB
    DPF: {890D538D-BB75-11D4-B90A-0008C7BBC99A} - hxxps://www.ucctops.com/UCC/UCCCENTERVENDOR.CAB
    DPF: {92AA2752-FD2D-11D4-B95D-0008C7BBC99A} - hxxps://www.ucctops.com/UCC/EMPLOYEECENTER.CAB
    DPF: {9B330208-A8FD-48CE-B10F-C69F68629DAF} - hxxps://www.ucctops.com/ucc/SecurityActiveX.CAB
    DPF: {9C2142D6-65DE-11D3-B809-0008C7B328E7} - hxxps://www.ucctops.com/UCC/UCCLVENDORFACILITY.CAB
    DPF: {9DD2D2FB-8E09-4EB5-985C-3E2CAFF81BE8} - hxxps://www.ucctops.com/UCC/UCCVENDORFACILITY.CAB
    DPF: {ABB987D4-3BB1-11D4-A72C-0050BAB0F843} - hxxps://www.ucctops.com/UCC/ROUTELOCATION.CAB
    DPF: {AC253AD4-C8EA-425F-820A-12993CDBC5BB} - hxxps://www.ucctops.com/UCC/UCCVENDORPAYTO.CAB
    DPF: {AECA0013-460B-4BD4-B6ED-5BCD714E8678} - hxxps://www.ucctops.com/UCC/PRJUCCEFTMERCH.CAB
    DPF: {B1BFC425-32F8-11D4-AD62-0050BAB0F843} - hxxps://www.ucctops.com/UCC/ORDERTOLOAD.CAB
    DPF: {CD2368C8-0429-11D5-8E96-00C04F580C6F} - hxxps://www.ucctops.com/UCC/UCCDATECONTROL.CAB
    DPF: {D17D5567-5202-45C5-A7E2-CECA48101268} - hxxps://www.ucctops.com/UCC/UCCSUPPLIERLIST.CAB
    DPF: {D2BA89C9-E60A-497F-8CBF-DDCC05B6125F} - hxxp://www.ucctops.com/ucc/UCCOrderedItems.CAB
    DPF: {DB944E32-A10B-4D97-AA5E-B7451C157B0A} - hxxps://www.ucctops.com/ucc/UCC_PODiscussionsXML.cab
    DPF: {DED417FF-FD42-11D4-B95D-0008C7BBC99A} - hxxps://www.ucctops.com/UCC/EMPLOYEEVENDOR.CAB
    DPF: {DF2CD7C9-D585-4E39-8A60-A7CC72801B7D} - hxxps://www.ucctops.com/UCC/uccAPI.CAB
    DPF: {EEB96741-4027-4B6A-98FE-6FE6DCE89F87} - hxxps://www.ucctops.com/UCC/UCCEFTMEMB.CAB
    DPF: {F6A7C954-3CD2-4B78-A56F-4C488E363035} - hxxps://www.ucctops.com/ucc/UCCMemberPayment.CAB
    FF - ProfilePath - c:\documents and settings\Ted TM Sadler\Application Data\Mozilla\Firefox\Profiles\bpjobu9v.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\Ted TM Sadler\Application Data\Mozilla\Firefox\Profiles\bpjobu9v.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-07 13:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(652)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2176)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Other Running Processes
    .
    c:\windows\SYSTEM32\ati2evxx.exe
    c:\windows\SYSTEM32\ati2evxx.exe
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\SYSTEM32\DRIVERS\dcfssvc.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\windows\SYSTEM32\wdfmgr.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\SYSTEM32\wscntfy.exe
    c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-07 13:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-07 17:57

    Pre-Run: 110,542,311,424 bytes free
    Post-Run: 111,656,947,712 bytes free

    414 --- E O F --- 2009-07-29 07:02
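Two of the "FF - prefs.js" lines in the log above deserve a second look: network.proxy.http is localhost with port 8080, and network.proxy.type is 4. In Firefox, type 4 means auto-detect (WPAD), so that manual proxy entry is not actually in use; it only takes effect with type 1 (manual). A loopback proxy that nobody configured is still a classic footprint of traffic-intercepting malware and is worth reporting rather than ignoring. The script below is an added example (mine, not code from this thread, from ComboFix or from Mozilla) that parses a prefs.js and reports such indicators. SAMPLE_PREFS is constructed to mirror the log lines, and KNOWN_SEARCH_HOSTS is an assumed allow-list for keyword.URL.

```python
"""Check a Firefox prefs.js for the hijack indicators visible in the log above.

Added example for this thread: not code from the forum, from ComboFix or
from Mozilla. SAMPLE_PREFS is constructed to mirror the "FF - prefs.js"
lines in the ComboFix log; KNOWN_SEARCH_HOSTS is an assumed allow-list.
"""
import re
from urllib.parse import urlsplit

# Meaning of network.proxy.type in Firefox (documented Mozilla values).
PROXY_TYPE = {0: "direct", 1: "manual", 2: "pac", 4: "auto-detect", 5: "system"}

# Hosts a keyword.URL would normally point at. Assumption: a short
# allow-list is enough for triage; extend it for your environment.
KNOWN_SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Matches  user_pref("name", value);  and  pref("name", value);
PREF_RE = re.compile(r'^\s*(?:user_)?pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return {pref name: value} with strings, booleans and ints decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def hijack_indicators(prefs):
    """List human-readable findings; an empty list means nothing suspicious."""
    findings = []
    host = str(prefs.get("network.proxy.http", "")).lower()
    port = prefs.get("network.proxy.http_port")
    ptype = prefs.get("network.proxy.type", 5)
    if host in LOOPBACK:
        # Only type 1 (manual) makes Firefox actually use this host:port,
        # but a loopback proxy was written by *something* either way.
        state = "ACTIVE" if ptype == 1 else "dormant, manual mode not selected"
        findings.append(
            "HTTP proxy points at loopback %s:%s (proxy type %s=%s; %s)"
            % (host, port, ptype, PROXY_TYPE.get(ptype, "?"), state))
    kw = str(prefs.get("keyword.URL", ""))
    if kw:
        kw_host = urlsplit(kw).netloc.lower()
        if kw_host not in KNOWN_SEARCH_HOSTS:
            findings.append("keyword.URL redirected to unknown host %s" % kw_host)
    return findings


# Constructed prefs.js fragment mirroring the log lines (real URL, not hxxp).
SAMPLE_PREFS = '''\
user_pref("keyword.URL", "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=");
user_pref("network.proxy.http", "localhost");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 4);
'''

if __name__ == "__main__":
    for finding in hijack_indicators(parse_prefs(SAMPLE_PREFS)):
        print(finding)
```

Run against the constructed sample it reports the dormant loopback proxy and nothing about keyword.URL, since that one still points at www.google.com; the same function flags the proxy as ACTIVE when network.proxy.type is 1.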
  • edited August 2009
    Well, everything seems to be running smoothly again. =] I haven't gotten any popups today, and after I performed those last two scans with MalwareBytes' and ComboFix, I updated my Java and Adobe like you asked. I haven't been getting those annoying 'memory problem' messages from Firefox anymore either.

    The first time I ran ComboFix, it downloaded 'Windows Recovery Console', like the guide said it would. But then it just sat there saying '100% complete' and wouldn't prompt me at all for several minutes. So I closed it and ran it again, and it went straight to scanning and completed without a hitch.

    So what did you gather from the logs I posted? The only weird thing I noticed was that ComboFix deleted MSPaint from my All Users/Documents folder. =/ I have no idea how it got there in the first place lol.

    Thank you so much. I will check back for your response, and then I will return again in the future if I have any more problems. You've been most helpful. =]

    Thanks again,
    Theon
  • edited August 2009


    Step 1

    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      http://icrontic.com/forum/showthread.php?p=702706#post702706
      Collect::
      c:\windows\system32\sahewowe.dll
      c:\windows\system32\nisimose.dll
      c:\windows\system32\jinuyeju.dll
      c:\windows\system32\hewigaga.dll
      c:\windows\system32\daforumu.dll
      c:\windows\system32\tanetezo.dll
      c:\windows\system32\dasofupu.dll
      c:\windows\system32\pimitufo.dll
      c:\windows\system32\buwelahi.dll
      c:\windows\system32\jetuvuna.dll
      c:\windows\SYSTEM32\guyetisu.dll
      c:\windows\SYSTEM32\kiremava.dll
      c:\windows\SYSTEM32\kusoyaji.dll.tmp
      c:\windows\SYSTEM32\supilime.dll.tmp
      c:\windows\SYSTEM32\tigifofi.dll
      
      Driver::
      mrtRate
      jnv4_mib
      qslwdmsu
      TdcLps
      
      RegLock::
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
      ADS::
      
    • Save this as CFScript.txt and place it on your desktop.


      [image: CFScriptb.gif]


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • **Note**
      When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
      • Ensure you are connected to the internet and click OK on the message box.

    • Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.




    Step 2

    Kaspersky Online Scanner.
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large; you may need to split them over a couple of replies.
    • Combofix Log
    • Kaspersky log
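The fifteen DLLs in the Collect:: list above share a pattern a malware-removal helper spots by eye: eight lowercase letters strictly alternating consonant and vowel (sahewowe, nisimose, kusoyaji), the output of a name generator rather than of a vendor. The script below is an added example that is not part of this thread and not a ComboFix feature; it encodes that heuristic and runs it over constructed log lines mixing those names with ordinary system32 components taken from the same log. It is a triage aid only: a genuine eight-letter word with the same shape (kamikaze) would also trigger it, so confirm with file dates, signatures and a vendor lookup before acting on a hit.

```python
"""Triage heuristic: flag system32 DLLs whose names look machine-generated.

Added example for this thread; not code from the forum and not part of
ComboFix. SAMPLE_LOG is constructed from paths in the log above.
"""
import re

VOWELS = set("aeiou")

# A drive-letter path ending in a common binary extension (.dll.tmp included).
PATH_RE = re.compile(r'([a-z]:\\.+?\.(?:dll|exe|sys|tmp))(?![\w.])', re.IGNORECASE)


def is_cv_random_name(filename):
    """True for names such as 'sahewowe.dll' or 'kusoyaji.dll.tmp': the stem
    is exactly eight lowercase letters alternating consonant, vowel,
    consonant, vowel ... (y is counted as a consonant)."""
    stem = filename.lower().split(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    for i, ch in enumerate(stem):
        if (ch in VOWELS) != (i % 2 == 1):
            return False
    return True


def flag_random_dlls(log_text):
    """Return the distinct %SystemRoot%\\system32 paths in ComboFix-style log
    text whose file name passes is_cv_random_name, in first-seen order."""
    seen, flagged = set(), []
    for line in log_text.splitlines():
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(1)
        folder, _, name = path.rpartition("\\")
        if not folder.lower().endswith("\\system32"):
            continue
        if is_cv_random_name(name) and path.lower() not in seen:
            seen.add(path.lower())
            flagged.append(path)
    return flagged


# Constructed sample: three names from the Collect:: list, three legitimate
# components from the same log, and one duplicate to show de-duplication.
SAMPLE_LOG = r"""
file zipped: c:\windows\system32\buwelahi.dll
file zipped: c:\windows\SYSTEM32\kusoyaji.dll.tmp
file zipped: c:\windows\system32\sahewowe.dll
2009-08-07 18:25 . 2009-08-07 18:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-05 13:17 . 2009-03-15 17:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-03 17:09 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
c:\windows\system32\buwelahi.dll
"""

if __name__ == "__main__":
    for path in flag_random_dlls(SAMPLE_LOG):
        print("suspicious name:", path)
```

Paths under system32\drivers are deliberately skipped (the folder check wants system32 itself), which is why the legitimate mbam.sys entries from the log would never be reported even if their names happened to fit the shape.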
  • edited August 2009
    ComboFix log (custom script):

    ComboFix 09-08-07.01 - Ted TM Sadler 08/07/2009 15:16.2.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.280 [GMT -4:00]
    Running from: c:\documents and settings\Ted TM Sadler\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ted TM Sadler\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    file zipped: c:\windows\system32\buwelahi.dll
    file zipped: c:\windows\system32\daforumu.dll
    file zipped: c:\windows\system32\dasofupu.dll
    file zipped: c:\windows\SYSTEM32\guyetisu.dll
    file zipped: c:\windows\system32\hewigaga.dll
    file zipped: c:\windows\system32\jetuvuna.dll
    file zipped: c:\windows\system32\jinuyeju.dll
    file zipped: c:\windows\SYSTEM32\kiremava.dll
    file zipped: c:\windows\SYSTEM32\kusoyaji.dll.tmp
    file zipped: c:\windows\system32\nisimose.dll
    file zipped: c:\windows\system32\pimitufo.dll
    file zipped: c:\windows\system32\sahewowe.dll
    file zipped: c:\windows\SYSTEM32\supilime.dll.tmp
    file zipped: c:\windows\system32\tanetezo.dll
    file zipped: c:\windows\SYSTEM32\tigifofi.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Installer\66fc.msi
    c:\windows\Installer\a61c655.msi
    c:\windows\system32\buwelahi.dll
    c:\windows\system32\daforumu.dll
    c:\windows\system32\dasofupu.dll
    c:\windows\SYSTEM32\guyetisu.dll
    c:\windows\system32\hewigaga.dll
    c:\windows\system32\jetuvuna.dll
    c:\windows\system32\jinuyeju.dll
    c:\windows\SYSTEM32\kiremava.dll
    c:\windows\SYSTEM32\kusoyaji.dll.tmp
    c:\windows\system32\nisimose.dll
    c:\windows\system32\pimitufo.dll
    c:\windows\system32\sahewowe.dll
    c:\windows\SYSTEM32\supilime.dll.tmp
    c:\windows\system32\tanetezo.dll
    c:\windows\SYSTEM32\tigifofi.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Legacy_JNV4_MIB
    \Service_jnv4_mib
    \Service_mrtRate
    \Service_qslwdmsu
    \Service_TdcLps


    ((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
    .

    2009-08-07 18:27 . 2009-08-07 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-08-07 18:27 . 2009-08-07 19:11 -------- d-----w- c:\program files\NOS
    2009-08-07 18:25 . 2009-08-07 18:25 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-08-05 22:51 . 2009-08-05 22:52 -------- d-----w- C:\rsit
    2009-08-05 00:08 . 2009-08-05 00:08 -------- d-----w- c:\documents and settings\Ted Sadler\Application Data\Malwarebytes
    2009-08-04 13:17 . 2009-08-04 13:17 -------- d-----w- c:\documents and settings\Ted TM Sadler\Application Data\Malwarebytes
    2009-08-04 13:17 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-04 13:17 . 2009-08-04 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-04 13:17 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-04 13:17 . 2009-08-04 13:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-02 20:23 . 2009-08-02 20:23 -------- d-----w- c:\program files\Trend Micro
    2009-07-24 22:18 . 2009-07-24 22:30 -------- d-----w- c:\documents and settings\Kaitlyn Sadler\Local Settings\Application Data\AskToolbar
    2009-07-24 00:43 . 2009-07-24 00:43 -------- d-----w- c:\documents and settings\Amy Sadler\Local Settings\Application Data\AskToolbar
    2009-07-22 01:41 . 2009-07-23 02:56 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-07-20 21:09 . 2009-07-20 21:09 -------- d-sh--w- c:\documents and settings\Kaitlyn Sadler\PrivacIE
    2009-07-20 14:21 . 2009-07-20 14:21 -------- d-----w- c:\program files\iPod
    2009-07-20 14:10 . 2009-07-20 14:10 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
    2009-07-18 23:20 . 2009-07-18 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-07-18 22:29 . 2009-07-18 22:30 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-07-18 12:12 . 2009-07-05 13:17 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
    2009-07-18 12:12 . 2009-07-05 13:17 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-07-18 12:12 . 2009-07-05 13:16 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
    2009-07-18 12:12 . 2009-07-05 13:16 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
    2009-07-18 12:12 . 2009-07-05 13:16 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
    2009-07-18 12:12 . 2009-07-05 13:16 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
    2009-07-18 12:12 . 2009-07-05 13:16 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
    2009-07-18 12:12 . 2009-07-05 13:16 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
    2009-07-18 12:12 . 2009-07-05 13:16 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
    2009-07-18 12:12 . 2009-07-05 13:16 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
    2009-07-18 12:12 . 2009-07-05 13:16 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
    2009-07-16 17:58 . 2009-07-25 14:38 -------- d-----w- c:\documents and settings\Ted Sadler\Local Settings\Application Data\AskToolbar
    2009-07-16 12:28 . 2009-07-16 13:11 -------- d-----w- c:\documents and settings\Ted TM Sadler\Application Data\mIRC
    2009-07-16 12:28 . 2009-07-16 13:03 -------- d-----w- c:\program files\mIRC
    2009-07-15 22:28 . 2009-07-15 22:28 -------- d-----w- c:\documents and settings\Ted TM Sadler\Application Data\AskToolbar
    2009-07-15 22:28 . 2009-08-07 02:28 -------- d-----w- c:\documents and settings\Ted TM Sadler\Local Settings\Application Data\AskToolbar
    2009-07-15 22:06 . 2009-07-15 22:06 -------- d-----w- c:\program files\Ask.com
    2009-07-13 01:15 . 2009-07-13 01:15 -------- d-----w- c:\documents and settings\Ted TM Sadler\Application Data\Nikon
    2009-07-10 10:07 . 2009-07-10 10:07 -------- d-sh--w- c:\documents and settings\Ted Sadler\IECompatCache
    2009-07-10 10:03 . 2009-07-10 10:03 -------- d-sh--w- c:\documents and settings\Ted Sadler\PrivacIE
    2009-07-10 10:01 . 2009-07-10 10:01 -------- d-sh--w- c:\documents and settings\Ted Sadler\IETldCache
    2009-07-10 01:18 . 2009-07-10 01:18 -------- d-sh--w- c:\documents and settings\Amy Sadler\PrivacIE
    2009-07-09 02:34 . 2009-07-09 02:34 -------- d-----w- c:\windows\ie8updates
    2009-07-09 01:24 . 2009-07-09 01:24 -------- d-sh--w- c:\documents and settings\Ted TM Sadler\PrivacIE
    2009-07-09 01:10 . 2009-07-09 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-07-08 22:10 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-08 22:10 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-08 21:30 . 2009-07-13 15:13 -------- d-----w- c:\documents and settings\Ted TM Sadler\Application Data\GameRanger

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-07 19:01 . 2008-07-03 03:00 -------- d-----w- c:\program files\Mozilla Thunderbird
    2009-08-07 18:25 . 2005-03-29 05:53 -------- d-----w- c:\program files\Java
    2009-08-07 18:19 . 2005-04-29 10:42 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-07 16:40 . 2005-04-08 00:59 -------- d-----w- c:\program files\Dl_cats
    2009-08-05 13:44 . 2007-01-22 01:23 -------- d-----w- c:\program files\e-Sword
    2009-08-01 23:47 . 2008-06-04 16:01 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
    2009-07-24 22:30 . 2005-04-07 23:58 -------- d-----w- c:\program files\Google
    2009-07-24 00:14 . 2005-04-08 01:43 -------- d-----w- c:\program files\Quicken
    2009-07-20 14:22 . 2007-03-26 03:51 -------- d-----w- c:\program files\iTunes
    2009-07-20 14:20 . 2007-10-28 13:45 -------- d-----w- c:\program files\Common Files\Apple
    2009-07-18 22:25 . 2009-02-01 00:16 -------- d-----w- c:\documents and settings\Ted TM Sadler\Application Data\Apple Computer
    2009-07-18 12:12 . 2009-03-15 17:42 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-07-09 16:35 . 2009-05-29 14:20 -------- d-----w- c:\program files\Teamspeak2_RC2
    2009-07-09 14:55 . 2009-02-08 19:36 -------- d-----w- c:\documents and settings\Ted TM Sadler\Application Data\NCH Swift Sound
    2009-07-09 14:55 . 2006-10-15 17:54 -------- d-----w- c:\program files\NCH Swift Sound
    2009-07-09 14:54 . 2008-05-19 00:39 -------- d-----w- c:\program files\Winamp
    2009-07-09 14:24 . 2009-03-15 17:30 -------- d-----w- c:\program files\QuickTime
    2009-07-09 12:12 . 2009-05-29 14:20 -------- d-----w- c:\documents and settings\Ted TM Sadler\Application Data\teamspeak2
    2009-07-08 21:31 . 2009-02-19 22:21 -------- d-----w- c:\documents and settings\Ted TM Sadler\Application Data\WeatherBug
    2009-07-08 19:59 . 2009-02-17 23:15 -------- d-----w- c:\documents and settings\Ted TM Sadler\Application Data\AdobeUM
    2009-07-05 13:17 . 2009-03-15 17:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-07-05 13:17 . 2007-03-18 20:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-07-03 17:09 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-23 20:21 . 2009-02-01 00:08 -------- d-----w- c:\documents and settings\Ted TM Sadler\Application Data\GOODSEARCH
    2009-06-16 14:36 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2004-08-04 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-13 07:04 . 2009-01-09 00:06 -------- d-----w- c:\program files\Microsoft Works
    2009-06-13 01:22 . 2009-06-13 01:22 -------- d-----w- c:\program files\Microsoft
    2009-06-13 01:21 . 2009-06-13 01:21 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-06-13 01:21 . 2008-03-08 22:32 -------- d-----w- c:\program files\Windows Live
    2009-06-12 22:19 . 2009-06-12 22:19 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-06-12 21:59 . 2007-01-22 01:26 -------- d-----w- c:\program files\Sierra On-Line
    2009-06-04 00:06 . 2007-01-12 02:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-06-03 19:09 . 2004-08-04 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-23 13:27 . 2009-03-15 17:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-05-22 21:47 . 2009-02-24 02:13 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-05-22 18:55 . 2008-02-27 21:37 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2009-05-22 18:55 . 2008-02-27 21:37 17212 ----atw- c:\windows\system32\SIntf32.dll
    2009-05-22 18:55 . 2008-02-27 21:37 12067 ----atw- c:\windows\system32\SIntf16.dll
    2003-12-18 15:33 . 2009-02-24 00:43 20102 -c--a-w- c:\program files\Readme.txt
    2003-09-03 11:46 . 2009-02-24 00:43 10960 -c--a-w- c:\program files\EULA.txt
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-07_17.42.24 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-07 19:31 . 2009-08-07 19:31 16384 c:\windows\temp\Perflib_Perfdata_128.dat
    + 2009-08-07 19:28 . 2009-08-07 19:28 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
    + 2009-08-07 19:28 . 2009-08-07 19:28 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
    + 2009-08-07 18:25 . 2009-08-07 18:25 149280 c:\windows\SYSTEM32\javaws.exe
    + 2009-08-07 18:25 . 2009-08-07 18:25 145184 c:\windows\SYSTEM32\javaw.exe
    + 2009-08-07 18:25 . 2009-08-07 18:25 145184 c:\windows\SYSTEM32\java.exe
    + 2009-08-07 19:28 . 2009-08-07 19:28 172032 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
    + 2009-08-07 19:28 . 2009-08-07 19:28 245760 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
    + 2009-08-07 19:28 . 2009-08-07 19:28 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
    + 2009-08-07 18:25 . 2009-08-07 18:25 1757696 c:\windows\Installer\20cbc1.msi
    + 2009-08-07 18:20 . 2009-08-07 18:20 3938816 c:\windows\Installer\20cbba.msi
    + 2009-08-07 19:28 . 2009-08-07 19:28 4382720 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-07-13 23:01 1168264 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-13 1168264]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-13 1168264]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "FreeNote"="c:\documents and settings\All Users\Documents\Shared Programs\Digital Sticky Notes.exe" [2004-02-28 94208]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
    "VolumeTouch"="c:\program files\VolumeTouch\VolumeTouch.exe" [2005-07-22 184320]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-07 149280]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-05 1948440]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

    c:\documents and settings\Amy Sadler\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2006-3-26 189952]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-3-29 24576]
    Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-7-30 53248]
    Quicken Startup.lnk - c:\program files\Quicken\QWDLLS.EXE [2002-7-30 36864]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-07-05 13:17 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
    backup=c:\windows\pss\Billminder.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
    backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
    backup=c:\windows\pss\Office Startup.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\BZFLAG\\bzflag.exe"=
    "c:\\Program Files\\BZFlag2.0.10rc3\\bzflag.exe"=
    "c:\\Program Files\\BZFLAG\\bzfs.exe"=
    "c:\\Program Files\\BZFlag2.0.10rc3\\bzfs.exe"=
    "c:\\Sierra\\Homeworld\\homeworld.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
    "c:\\Program Files\\NetMeeting\\CONF.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
    "c:\\Documents and Settings\\Ted TM Sadler\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
    "c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9339:TCP"= 9339:TCP:Poker

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [3/15/2009 1:42 PM 335752]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [3/15/2009 1:42 PM 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/15/2009 1:42 PM 907032]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/15/2009 1:41 PM 298776]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/8/2008 6:32 PM 24652]
    S3 gbalink;GBA Link Driver (gbalink.sys);c:\windows\SYSTEM32\DRIVERS\gbalink.sys [2/10/2008 9:43 PM 19677]
    S3 LTower;LEGO USB Tower Driver;c:\windows\SYSTEM32\DRIVERS\LTower.sys [12/26/2005 12:15 PM 36981]
    S3 wip0204;Wippien Network Adapter 2.4;c:\windows\SYSTEM32\DRIVERS\wip0204.sys [8/17/2008 2:01 PM 23480]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2009-07-13 23:01]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.dell4me.com/myway
    uInternet Connection Wizard,ShellNext = https://en-us.add-ons.mozilla.com/en-US/thunderbird/2.0.0.17/themes/
    IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    DPF: {00C7C2A0-8B82-11D1-8B57-00A0C98CD92B} - hxxps://www.ucctops.com/UCC/ARVIEWER.CAB
    DPF: {0914A6AD-B2B2-489D-9F8A-65AC0892C16F} - hxxps://www.ucctops.com/UCC/OUTLOADACTIVEX.CAB
    DPF: {110684D6-FD55-11D4-B95D-0008C7BBC99A} - hxxps://www.ucctops.com/UCC/UCCCENTEREMP.CAB
    DPF: {198D7217-D4DE-4F1C-9653-67FA935BBF2E} - hxxps://www.ucctops.com/UCC/UCCMEMBERCOMMENT.CAB
    DPF: {37EDD7F1-F9D2-11D3-B92F-0008C7B328E7} - hxxps://www.ucctops.com/UCC/UCCVENDORCOMMENT.CAB
    DPF: {3AB35C72-FBC9-11D4-B95A-0008C7BBC99A} - hxxps://www.ucctops.com/UCC/UCCVENDOR_CENTER.CAB
    DPF: {3E868D8B-D560-11D3-B8E1-0008C7B328E7} - hxxps://www.ucctops.com/UCC/UCCVENDORCONTACT.CAB
    DPF: {508CF561-90FD-11D3-B86B-0008C7B328E7} - hxxps://www.ucctops.com/UCC/UCCORDEREDITEMS.CAB
    DPF: {5F7EF593-FD4C-11D4-B95D-0008C7BBC99A} - hxxps://www.ucctops.com/UCC/UCCVENDOREMP.CAB
    DPF: {6DCE5A95-534F-4589-8F34-B80BD8F86A23} - hxxps://www.ucctops.com/UCC/UCCFEESCENTER.CAB
    DPF: {719D6B64-25D8-11D4-B85E-0008C7BBC99A} - hxxps://www.ucctops.com/ucc/OrderPayment.CAB
    DPF: {7F3AADF6-83B7-4993-92D3-5AF9AE33F0F0} - hxxps://www.ucctops.com/cabs/UCCDate.CAB
    DPF: {890D538D-BB75-11D4-B90A-0008C7BBC99A} - hxxps://www.ucctops.com/UCC/UCCCENTERVENDOR.CAB
    DPF: {92AA2752-FD2D-11D4-B95D-0008C7BBC99A} - hxxps://www.ucctops.com/UCC/EMPLOYEECENTER.CAB
    DPF: {9B330208-A8FD-48CE-B10F-C69F68629DAF} - hxxps://www.ucctops.com/ucc/SecurityActiveX.CAB
    DPF: {9C2142D6-65DE-11D3-B809-0008C7B328E7} - hxxps://www.ucctops.com/UCC/UCCLVENDORFACILITY.CAB
    DPF: {9DD2D2FB-8E09-4EB5-985C-3E2CAFF81BE8} - hxxps://www.ucctops.com/UCC/UCCVENDORFACILITY.CAB
    DPF: {ABB987D4-3BB1-11D4-A72C-0050BAB0F843} - hxxps://www.ucctops.com/UCC/ROUTELOCATION.CAB
    DPF: {AC253AD4-C8EA-425F-820A-12993CDBC5BB} - hxxps://www.ucctops.com/UCC/UCCVENDORPAYTO.CAB
    DPF: {AECA0013-460B-4BD4-B6ED-5BCD714E8678} - hxxps://www.ucctops.com/UCC/PRJUCCEFTMERCH.CAB
    DPF: {B1BFC425-32F8-11D4-AD62-0050BAB0F843} - hxxps://www.ucctops.com/UCC/ORDERTOLOAD.CAB
    DPF: {CD2368C8-0429-11D5-8E96-00C04F580C6F} - hxxps://www.ucctops.com/UCC/UCCDATECONTROL.CAB
    DPF: {D17D5567-5202-45C5-A7E2-CECA48101268} - hxxps://www.ucctops.com/UCC/UCCSUPPLIERLIST.CAB
    DPF: {D2BA89C9-E60A-497F-8CBF-DDCC05B6125F} - hxxp://www.ucctops.com/ucc/UCCOrderedItems.CAB
    DPF: {DB944E32-A10B-4D97-AA5E-B7451C157B0A} - hxxps://www.ucctops.com/ucc/UCC_PODiscussionsXML.cab
    DPF: {DED417FF-FD42-11D4-B95D-0008C7BBC99A} - hxxps://www.ucctops.com/UCC/EMPLOYEEVENDOR.CAB
    DPF: {DF2CD7C9-D585-4E39-8A60-A7CC72801B7D} - hxxps://www.ucctops.com/UCC/uccAPI.CAB
    DPF: {EEB96741-4027-4B6A-98FE-6FE6DCE89F87} - hxxps://www.ucctops.com/UCC/UCCEFTMEMB.CAB
    DPF: {F6A7C954-3CD2-4B78-A56F-4C488E363035} - hxxps://www.ucctops.com/ucc/UCCMemberPayment.CAB
    FF - ProfilePath - c:\documents and settings\Ted TM Sadler\Application Data\Mozilla\Firefox\Profiles\bpjobu9v.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\Ted TM Sadler\Application Data\Mozilla\Firefox\Profiles\bpjobu9v.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-07 15:33
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(660)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3952)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Other Running Processes
    .
    c:\windows\SYSTEM32\ati2evxx.exe
    c:\windows\SYSTEM32\ati2evxx.exe
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\SYSTEM32\DRIVERS\dcfssvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\windows\SYSTEM32\wdfmgr.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\SYSTEM32\wscntfy.exe
    c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-07 15:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-07 19:45
    ComboFix2.txt 2009-08-07 17:57

    Pre-Run: 111,234,560,000 bytes free
    Post-Run: 111,187,546,112 bytes free

    408 --- E O F --- 2009-07-29 07:02
  • edited August 2009
    Ummm.. I tried to perform the Kaspersky scan (yes, I opened it with IE), but for some reason it failed to update. It got to about 17% of the database update and then said it failed. I tried again and it didn't get far at all before it failed again. =/
  • edited August 2009
    Try this instead

    Active Scan
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Please go to this site Link >> ActiveScan << LINK
    • Click the Scan Now button
    • Follow the prompts to install the Active X if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small export to notepad button and save the report to your desktop.
    • Please post the report in your reply.
  • edited August 2009
    Alright, thanks. I will do this within the next three days. I share this PC, and my parents will be home this weekend and will want to use the PC.
  • edited August 2009
    No, I have not yet gotten a chance to scan my computer again, but I do have a question.

    Will this be the last scan, or will you have more things for me to run?
  • edited August 2009
    It depends what the scan shows.
  • edited August 2009
    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-08-09 02:02:23
    PROTECTIONS: 1
    MALWARE: 42
    SUSPECTS: 9
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG Anti-Virus Free 8.5 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00132734 adware/24-7-search Adware No 0 Yes No c:\windows\system32\unppc.exe
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Ted TM Sadler\Cookies\ted_tm_sadler@doubleclick[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ted TM Sadler\Cookies\ted_tm_sadler@atdmt[2].txt
    00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@linksynergy[1].txt
    00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@anm.co[2].txt
    00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@maxserving[2].txt
    00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@belnk[2].txt
    00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@dist.belnk[1].txt
    00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@www.myaffiliateprogram[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@com[2].txt
    00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@landing.domainsponsor[1].txt
    00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@webpower[1].txt
    00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@tickle[1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@statcounter[2].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Ted TM Sadler\Cookies\ted_tm_sadler@statcounter[1].txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@counter.hitslink[1].txt
    00167776 Cookie/Kount TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@kount[1].txt
    00167778 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@ehg-sonycomputer.hitbox[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Ted Sadler\Cookies\ted_sadler@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Ted TM Sadler\Cookies\ted_tm_sadler@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@apmebf[2].txt
    00168077 Cookie/Versiontracker TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@versiontracker[2].txt
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@www.burstbeacon[2].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@server.iad.liveperson[1].txt
    00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@media.adrevolver[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@ads.pointroll[2].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Ted TM Sadler\Cookies\ted_tm_sadler@ads.pointroll[1].txt
    00172825 Joke/Stress Jokes No 0 Yes No C:\Documents and Settings\Ted TM Sadler\My Documents\Programs\Stuff From Clinton\Desktop Destroyer!.exe
    00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@phg.hitbox[2].txt
    00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@bravenet[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@go[2].txt
    00196960 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@ath.belnk[1].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@target[2].txt
    00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@did-it[1].txt
    00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@cgi-bin[4].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Ted TM Sadler\Cookies\ted_tm_sadler@atwola[1].txt
    00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@cgi-bin[3].txt
    00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@ehg-dig.hitbox[1].txt
    00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@ads.addynamix[2].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Amy Sadler\Cookies\amy_sadler@citi.bridgetrack[2].txt
    00482951 Application/SpywareGuard2008 HackTools Yes 0 Yes No C:\Documents and Settings\Amy Sadler\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1576\A0242142.sys
    00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1574\A0240071.sys
    00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No C:\Documents and Settings\Ted TM Sadler\Cookies\ted_tm_sadler@registrydefender[2].txt
    01941906 Trj/Downloader.QDY Virus/Trojan No 0 Yes No C:\WINDOWS\peoplepc\temp\DSLCS6X.exe
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1579\A0242847.sys
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1576\A0242386.sys
    03755584 Generic Malware Virus/Trojan No 0 Yes No C:\I386\GTDownDE_87.ocx
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location r
    ;===================================================================================================================================================================================
    No C:\Documents and Settings\Ted TM Sadler\My Documents\Programs\Setup apps\mirc634.exe r
    No C:\Documents and Settings\Ted TM Sadler\My Documents\Programs\Setup apps\mirc634.exe[²ÖÇ\mirc634.exe]
    No C:\Documents and Settings\Ted TM Sadler\My Documents\Programs\Setup apps\mirc634.exe[²ÖÇ\mirc634.exe][mirc.exe]
    No C:\Documents and Settings\Ted TM Sadler\My Documents\Programs\Setup apps\mirc634.exe[²ÖÇ\mirc634.exe]
    No C:\Documents and Settings\Ted TM Sadler\My Documents\Programs\Setup apps\mirc634.exe[²ÖÇ\mirc634.exe][mirc.exe]
    No C:\Documents and Settings\Ted TM Sadler\My Documents\Programs\Setup apps\mirc634.exe[²ÖÇ\mirc634.exe]
    No C:\Documents and Settings\Ted TM Sadler\My Documents\Programs\Setup apps\mirc634.exe[²ÖÇ\mirc634.exe][mirc.exe]
    No C:\Program Files\AIM\Sysfiles\AIMWDInstall.exe r
    No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1550\A0235619.exe r
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description r
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================