Full Version: Unknown problem with websites redirecting
Piriform Community Forums > Computer Help and Discussion > Spyware Hell
monkey_05_06
I've never had to deal with any sort of malware infection of any kind in the past and I can now give my sincerest condolences to those who have. My stepfather's computer was infected with several different issues and although the system is now stable again there are still some issues.

I was experiencing issues where on any website every link was being rewritten within the page to point to an alternate URL (generally some random pseudo-search site; always with the actual link URL-encoded on the end). I thought it was an issue with the web browser, so I updated to IE8 (the default browser on this system) and installed Firefox 3.5 (which I use). Both continued producing the same results. That's the point at which a program titled "Security Center", which was skinned to look like Norton (which was the installed AV program), popped up saying the system was infected and that vital Windows components were infected. I recognized this as a malware program when I noticed one of the files was rundll32.dll and the recommended action was "DELETE".

After closing that program the desktop image was then replaced with text saying something along the lines of "YOUR SYSTEM SECURITY HAS BEEN COMPROMISED. SPYWARE HAS BEEN DETECTED" (etc.).

Since then I have been working for the past week cleaning up this system. These are the programs I have used:

  • avast! Antivirus
  • Avira AntiVir (specifically the rootkit scanner)
  • Malwarebytes' Anti-Malware
  • Spybot - Search & Destroy
  • Ad-Aware
  • HijackThis
  • SUPERAntiSpyware
  • ComboFix
  • CCleaner


After running these and cleaning out approximately 11 malware programs (including Trojans, Worms, Rootkits, etc.), 30 spyware programs, and numerous registry entries, the system is now running stably with no signs of infection during most normal operations. In addition to that I have also installed a new HOSTS file.

At this point I do still have some problems remaining:

  • When I run a scan with avast! Antivirus, I get an error that the boot sector could not be scanned because "The maximum number of secrets that may be stored in a single system has been exceeded."
  • When I try to run Recuva on drive C: I also get the same error.
  • I am incapable of defragmenting drive C:
  • I am incapable of running Chkdsk on drive C: (it says the computer must be restarted but then gives an error after restarting that the file "Chkdisk.dll" cannot be found)
  • Whenever I try to Google information on this error the site redirection happens again, but not rewriting the URLs as it was before; just if I click on the links. I can copy/paste them into the address bar and it works fine.


Per the "Before You Post!" thread I have also run:

  • The_Comedian.exe
  • TFC.exe
  • Malwarebytes' Anti-Malware (again)
  • avast! Antivirus full system scan (again)
  • Rooter.exe
  • RootRepeal.exe
  • OTL.exe


I made sure while running each of these to close out of everything else first and follow the instructions for each program from the thread (including pasting the special instructions into OTL).

Below are the logs (and comments) of each of these scans. I also have the logs from my most recent scan with HijackThis and from when I ran ComboFix if either of those are needed.

********************************************************************************

The_Comedian.exe could not create a System Restore point.

****************************************

Malwarebytes' Anti-Malware 1.39
Database version: 2447
Windows 5.1.2600 Service Pack 3

7/20/2009 3:07:40 PM
mbam-log-2009-07-20 (15-07-40).txt

Scan type: Quick Scan
Objects scanned: 93034
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Honey\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

****************************************

avast! virus scan reported that the boot sector could not be scanned: "The maximum number of secrets that may be stored in a single system has been exceeded."

****************************************

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 1, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.5.1 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:62 Go )
D:\ [CD_Rom]
E:\ [Removable]
.
Scan : 16:52.07
Path : C:\Documents and Settings\Honey\Desktop\Rooter.exe
User : Honey ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (540)
______ \??\C:\WINDOWS\system32\csrss.exe (612)
______ \??\C:\WINDOWS\system32\winlogon.exe (636)
______ C:\WINDOWS\system32\services.exe (684)
______ C:\WINDOWS\system32\lsass.exe (696)
______ C:\WINDOWS\system32\svchost.exe (872)
______ C:\WINDOWS\system32\svchost.exe (980)
______ C:\WINDOWS\System32\svchost.exe (1108)
______ C:\WINDOWS\system32\svchost.exe (1216)
______ C:\Program Files\ActivIdentity\ActivClient\acevents.exe (1224)
______ C:\WINDOWS\system32\svchost.exe (1312)
______ C:\WINDOWS\Explorer.EXE (1660)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1680)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (1704)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (1836)
______ C:\WINDOWS\system32\spoolsv.exe (220)
______ C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (308)
______ C:\WINDOWS\System32\SCardSvr.exe (116)
______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (1052)
______ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (1064)
______ C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe (1072)
______ C:\Program Files\QuickTime\qttask.exe (1080)
______ C:\Program Files\iTunes\iTunesHelper.exe (1212)
______ C:\Program Files\AGEIA Technologies\TrayIcon.exe (1292)
______ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (1308)
______ C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (1428)
______ C:\WINDOWS\system32\ctfmon.exe (1468)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (1520)
______ C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (1540)
______ C:\WINDOWS\system32\svchost.exe (1604)
______ C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (2092)
______ C:\Program Files\Windows Desktop Search\WindowsSearch.exe (2204)
______ C:\Program Files\ActivIdentity\ActivClient\acautoup.exe (2340)
______ C:\Program Files\ActivIdentity\ActivClient\accoca.exe (2428)
______ C:\Program Files\ActivIdentity\ActivClient\acevents.exe (2524)
______ C:\WINDOWS\system32\basfipm.exe (2584)
______ C:\WINDOWS\system32\nvsvc32.exe (2932)
______ C:\WINDOWS\system32\svchost.exe (3320)
______ C:\WINDOWS\system32\SearchIndexer.exe (3504)
______ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (3784)
______ C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (380)
______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (580)
______ C:\WINDOWS\system32\wbem\unsecapp.exe (1724)
______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (272)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (1508)
______ C:\Program Files\iPod\bin\iPodService.exe (1880)
______ C:\WINDOWS\System32\alg.exe (3248)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (3452)
______ C:\WINDOWS\system32\SearchProtocolHost.exe (2112)
______ C:\WINDOWS\system32\SearchFilterHost.exe (528)
______ C:\WINDOWS\system32\igfxsrvc.exe (3104)
______ C:\Documents and Settings\Honey\Desktop\Rooter.exe (2972)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 1 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:49319424)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:49351680 | Length:79941496320)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\DESKTOP.INI
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-80496231-3960135244-1515697187-1005Core.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-80496231-3960135244-1515697187-1005UA.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 16:52.10
.
C:\Rooter$\Rooter_1.txt - (20/07/2009 | 16:52.10)

****************************************

---------------------------
RootRepeal
---------------------------
Could not read the boot sector. Try adjusting the Disk Access Level in the Options dialog.
---------------------------
OK
---------------------------

****************************************

---------------------------
RootRepeal Warning
---------------------------
Could not find module file on disk!
--------------------------- ---------------------------
OK Details>>
--------------------------- ---------------------------
16:57:56: Warning - could not read Windows kernel using raw-disk reading!
16:57:57: Could not find module file on disk!
16:57:57: Could not find module file on disk!
16:57:58: Could not find module file on disk!

****************************************

---------------------------
RootRepeal Error
---------------------------
Could not read system registry!
Please contact the author!
--------------------------- ---------------------------
OK Details>>
--------------------------- ---------------------------
17:02:07: DeviceIoControl Error! Error Code = 0xc0000001
17:02:10: Could not read system registry! Please contact the author!

****************************************

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/20 17:02
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP3
==================================================

==EOF==

****************************************

OTL logfile created on: 7/20/2009 5:07:26 PM - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\Honey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 590.66 Mb Available Physical Memory | 58.25% Memory free
2.38 Gb Paging File | 1.80 Gb Available in Paging File | 75.42% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 62.61 Gb Free Space | 84.10% Space Free | Partition Type: NTFS
Drive D: | 67.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.89 Gb Total Space | 1.70 Gb Free Space | 89.97% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CALVINCOMPUTER
Current User Name: Honey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
PRC - C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\ActivIdentity\ActivClient\acautoup.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\WINDOWS\System32\basfipm.exe (Broadcom Corp.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Documents and Settings\Honey\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (acautoup [Auto | Running]) -- C:\Program Files\ActivIdentity\ActivClient\acautoup.exe (ActivIdentity)
SRV - (accoca [Auto | Running]) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (BAsfIpM [Auto | Running]) -- C:\WINDOWS\System32\basfipm.exe (Broadcom Corp.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c990613a62a7e [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPodService [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BASFND [Auto | Running]) -- C:\WINDOWS\System32\Drivers\BASFND.sys (Broadcom Corporation)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hdvhm [Unknown | Running]) -- Service key not found. File not found
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (moufiltr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\moufiltr.sys (Micro Innovations)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCR3XX2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 85 9A 94 5E 90 C9 01 [binary data]
IE - URLSearchHook: - Reg Error: Key error. File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/15 18:03:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Documents and Settings\Honey\My Documents\Firefox\components [2009/07/18 22:08:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Documents and Settings\Honey\My Documents\Firefox\plugins [2009/07/18 22:08:53 | 00,000,000 | ---D | M]

[2009/07/15 17:52:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\mozilla\Extensions
[2009/07/15 17:52:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/20 12:17:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\mozilla\Firefox\Profiles\nqy0a6qp.default\extensions
[2009/07/15 18:14:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\mozilla\Firefox\Profiles\nqy0a6qp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/18 22:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\mozilla\Firefox\Profiles\nqy0a6qp.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

O1 HOSTS File: (612462 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 16367 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
O4 - HKLM..\Run: [ApproveItForOfficeSetup] C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe (Silanis Technology Inc.)
O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Honey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk = C:\WINDOWS\Installer\{29EB04A2-633C-40BE-9673-12DE7360C04E}\Icon9557F1BC1.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Honey\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/02/16 12:59:10 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/02/16 12:59:10 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/02/16 12:59:10 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/02/16 12:59:10 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1234799743843 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.93.41.127 24.93.41.128
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\System32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/10/27 21:13:40 | 00,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/p) - File not found
O34 - HKLM BootExecute: (\??\C:) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

MsConfig - Services: "N360"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9212D8B4-C3CF-43E1-A1FF-8EEA311633DC} - PureEdge Viewer
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Documents and Settings\Honey\My Documents\*.tmp files]
[2009/07/20 16:54:08 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Honey\Desktop\settings.dat
[2009/07/20 16:52:10 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/20 14:58:02 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Honey\Desktop\OTL.exe
[2009/07/20 14:57:24 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Honey\Desktop\Rooter.exe
[2009/07/20 14:55:15 | 00,000,809 | ---- | C] () -- C:\Documents and Settings\Honey\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/20 14:55:08 | 00,000,653 | ---- | C] () -- C:\Documents and Settings\Honey\Desktop\NTREGOPT.lnk
[2009/07/20 14:55:08 | 00,000,634 | ---- | C] () -- C:\Documents and Settings\Honey\Desktop\ERUNT.lnk
[2009/07/20 14:55:08 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/20 14:54:14 | 00,023,356 | ---- | C] () -- C:\WINDOWS\System32\AAWService_2009_07_20_14_54_14.dmp
[2009/07/20 14:32:39 | 00,000,000 | ---D | C] -- C:\Program Files\Recuva
[2009/07/18 22:36:18 | 00,004,298 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_223616.reg
[2009/07/18 22:29:15 | 10,633,99424 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/18 04:03:29 | 00,001,032 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_040328.reg
[2009/07/18 03:00:21 | 00,002,427 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
[2009/07/18 03:00:21 | 00,001,947 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
[2009/07/18 03:00:21 | 00,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/07/18 02:57:21 | 00,000,790 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025719.reg
[2009/07/18 02:57:08 | 00,000,430 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025706.reg
[2009/07/18 02:56:53 | 00,045,664 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025651.reg
[2009/07/18 02:54:57 | 00,893,698 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025454.reg
[2009/07/18 02:53:11 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/07/18 01:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/07/18 01:54:38 | 00,000,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/18 01:54:36 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/18 01:54:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\Application Data\SUPERAntiSpyware.com
[2009/07/18 01:54:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/07/17 23:47:45 | 00,792,576 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc30d.dll
[2009/07/17 23:05:55 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/17 00:42:04 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/17 00:42:04 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/17 00:42:04 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/17 00:42:04 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/17 00:42:04 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/17 00:42:04 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/17 00:42:04 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/17 00:42:04 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/17 00:42:04 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/17 00:42:04 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/17 00:42:04 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/17 00:42:04 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/17 00:42:04 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/17 00:42:04 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/17 00:42:04 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/17 00:42:04 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/17 00:42:04 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/17 00:42:04 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/17 00:42:04 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/17 00:42:04 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/17 00:42:04 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/17 00:42:04 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/17 00:42:04 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/17 00:42:04 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/17 00:42:04 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/17 00:42:04 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/17 00:42:04 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/17 00:42:04 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/17 00:42:04 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/17 00:42:04 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/17 00:42:04 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/17 00:42:04 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/17 00:42:04 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ACPIEC.SYS
[2009/07/17 00:42:04 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/17 00:42:04 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\BEEP.SYS
[2009/07/17 00:42:04 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\NULL.SYS
[2009/07/17 00:42:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/17 00:29:47 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/07/17 00:29:42 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/17 00:29:40 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/17 00:27:40 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/17 00:27:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/17 00:27:40 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/17 00:27:40 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/17 00:27:40 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/17 00:27:40 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/17 00:27:40 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/17 00:27:40 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/17 00:27:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/17 00:27:12 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/07/17 00:25:47 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/17 00:01:09 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/17 00:00:56 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/07/17 00:00:13 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/07/17 00:00:12 | 00,000,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/07/17 00:00:05 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/07/17 00:00:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/07/16 23:30:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/16 23:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/07/16 23:00:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\Application Data\Malwarebytes
[2009/07/16 22:59:54 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/16 22:59:53 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/16 22:59:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/16 22:59:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/16 21:02:10 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/07/16 21:02:10 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/16 21:02:08 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/07/16 21:02:07 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/07/16 21:02:05 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/07/16 21:02:04 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/07/16 21:02:04 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/07/16 21:02:04 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/07/16 21:02:04 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/07/16 21:01:44 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/07/16 21:01:44 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/07/16 19:49:50 | 00,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2009/07/16 17:48:24 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/07/16 14:30:00 | 00,000,000 | ---D | C] -- C:\Sega
[2009/07/15 23:12:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2009/07/15 23:11:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/07/15 23:11:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/07/15 23:10:53 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/07/15 23:10:26 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/07/15 23:08:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/07/15 23:07:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\Application Data\Windows Desktop Search
[2009/07/15 23:07:17 | 00,001,829 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/07/15 23:07:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/07/15 23:07:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/07/15 23:06:37 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2009/07/15 23:06:37 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2009/07/15 23:06:37 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2009/07/15 23:06:30 | 00,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/07/15 23:06:05 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/07/15 23:04:25 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/07/15 23:04:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/07/15 23:04:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/07/15 19:33:30 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/07/15 19:33:28 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/15 18:51:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/07/15 17:52:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/15 17:52:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\Local Settings\Application Data\Mozilla
[2009/07/15 17:50:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\My Documents\Firefox
[2009/07/15 17:48:31 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/07/15 17:37:38 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/15 17:36:22 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/07/15 17:36:22 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/07/15 17:36:22 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/07/15 17:36:19 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/15 12:35:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\My Documents\tiff and britts stuff
[2009/07/14 17:04:41 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\Raven.doc
[2009/07/14 12:23:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\My Documents\AGS
[2009/07/12 21:39:46 | 00,469,504 | ---- | C] ( ) -- C:\Documents and Settings\Honey\Desktop\RootRepeal.exe
[2009/07/11 22:59:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\My Documents\My Saved Games
[2009/07/11 22:58:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\My Documents\Heed
[2009/07/11 22:55:35 | 12,504,169 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\Heed Beta.zip
[2009/07/10 15:51:49 | 00,509,952 | ---- | C] () -- C:\Documents and Settings\Honey\Desktop\(Tiffany's) Just Keep Moving Forward.doc
[2009/07/10 15:25:17 | 00,004,733 | ---- | C] () -- C:\WINDOWS\SigPlus.ini
[2009/07/10 15:25:07 | 00,000,000 | ---D | C] -- C:\Program Files\ApproveIt
[2009/07/10 15:25:07 | 00,000,000 | ---D | C] -- C:\LF30
[2009/07/10 15:24:51 | 00,000,000 | ---D | C] -- C:\AGMLogs
[2009/07/10 15:18:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\My Documents\ApprovIt Setup
[2009/07/10 15:11:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\Application Data\PureEdge
[2009/07/10 15:11:04 | 00,172,032 | ---- | C] (Wintertree Software Inc.) -- C:\WINDOWS\System32\SSCE5332.dll
[2009/07/10 15:11:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2009/07/10 15:11:02 | 00,000,000 | ---D | C] -- C:\Program Files\PureEdge
[2009/07/10 15:04:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ActivIdentity
[2009/07/10 15:04:08 | 00,000,000 | ---D | C] -- C:\Program Files\ActivIdentity
[2009/07/10 15:02:14 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009/07/10 15:01:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\My Documents\ActivClient Setup
[2009/07/09 20:32:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\Local Settings\Application Data\Yahoo
[2009/07/09 20:30:04 | 00,262,144 | ---- | C] () -- C:\ntuser.dat
[2009/07/09 20:28:54 | 00,000,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/07/07 23:06:14 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/07 22:55:25 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Honey\Application Data\SecuROM
[2009/07/07 22:55:07 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009/07/07 22:55:07 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009/07/07 22:55:06 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009/07/07 22:55:05 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009/07/07 22:55:05 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/07/07 22:55:04 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2009/07/07 22:55:03 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2009/07/07 22:55:02 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009/07/07 22:55:02 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009/07/07 22:55:01 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2009/07/07 22:55:00 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2009/07/07 22:55:00 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2009/07/07 22:55:00 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2009/07/07 22:54:59 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2009/07/07 22:54:58 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2009/07/07 22:54:58 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2009/07/07 22:54:57 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2009/07/07 22:54:56 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2009/07/07 22:54:56 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2009/07/07 22:54:55 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2009/07/07 22:54:52 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2009/07/07 22:54:52 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2009/07/07 22:54:51 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2009/07/07 22:54:50 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2009/07/07 22:54:49 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2009/07/07 22:54:49 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2009/07/07 22:54:48 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2009/07/07 22:54:47 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2009/07/07 22:54:44 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2009/07/07 22:54:44 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2009/07/07 22:54:43 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/07/07 22:54:43 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/07/07 22:54:42 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/07/07 22:54:41 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2009/07/07 22:54:40 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2009/07/07 22:54:40 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2009/07/07 22:54:39 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2009/07/07 22:54:38 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2009/07/07 22:54:37 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/07/07 22:54:37 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2009/07/07 22:54:37 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2009/07/07 22:54:35 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/07/07 22:54:35 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2009/07/07 22:54:35 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2009/07/07 22:54:34 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/07/07 22:54:34 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/07/07 22:54:33 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/07/07 22:54:30 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2009/07/07 22:54:27 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2009/07/07 22:54:27 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2009/07/07 22:54:25 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2009/07/07 22:54:24 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2009/07/07 22:54:23 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2009/07/07 22:54:22 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/07/07 22:54:22 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/07/07 22:54:22 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/07/07 22:54:21 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/07/07 22:54:20 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/07/07 22:54:20 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/07/07 22:54:19 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/07/07 22:54:19 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/07/07 22:54:18 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/07/07 22:54:13 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/07/07 22:54:12 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/07/07 22:54:12 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/07/07 22:54:11 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/07/07 22:54:11 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/07/07 22:54:10 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/07/07 22:54:09 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/07/07 22:54:09 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/07/07 22:54:08 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/07/07 22:54:07 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/07/07 22:52:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/07/07 22:51:20 | 19,808,7808 | ---- | C] (Telltale Games) -- C:\Documents and Settings\Honey\My Documents\LaunchOfTheScreamingNarwhal_Setup.exe
[2009/07/06 20:16:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\Application Data\Mozilla
[2009/07/06 20:15:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\Local Settings\Application Data\Temp
[2009/07/06 20:10:04 | 00,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-80496231-3960135244-1515697187-1005UA.job
[2009/07/06 20:10:03 | 00,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-80496231-3960135244-1515697187-1005Core.job
[2009/07/06 20:09:30 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/06 20:09:30 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2008/01/18 00:35:24 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\erainp32.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/05 23:42:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006/08/16 09:56:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/08/16 09:56:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/08/16 09:56:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/08/16 09:56:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/08/16 09:56:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/08/16 09:56:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/08/16 09:56:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/08/16 09:56:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/08/16 09:56:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005/08/09 16:10:05 | 00,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2005/08/09 15:59:48 | 00,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2005/07/22 12:17:04 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMON.DLL
[2005/07/22 12:17:04 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMUI.DLL
[2005/07/22 11:55:22 | 00,000,430 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/01/24 10:28:05 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/04 18:56:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/04 18:33:08 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 18:25:56 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/11 18:15:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/11 18:07:24 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[1999/01/22 13:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\Documents and Settings\Honey\My Documents\*.tmp files]
[2009/07/20 16:54:08 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Honey\Desktop\settings.dat
[2009/07/20 16:50:55 | 00,469,504 | ---- | M] ( ) -- C:\Documents and Settings\Honey\Desktop\RootRepeal.exe
[2009/07/20 16:15:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-80496231-3960135244-1515697187-1005UA.job
[2009/07/20 16:14:01 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/20 15:09:47 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/07/20 15:09:46 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/07/20 15:09:31 | 00,004,626 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/20 15:09:18 | 00,002,427 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
[2009/07/20 15:09:10 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/20 15:09:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/20 15:08:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/07/20 15:08:50 | 10,633,99424 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/20 14:58:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Honey\Desktop\OTL.exe
[2009/07/20 14:57:24 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Honey\Desktop\Rooter.exe
[2009/07/20 14:55:15 | 00,000,809 | ---- | M] () -- C:\Documents and Settings\Honey\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/20 14:55:08 | 00,000,653 | ---- | M] () -- C:\Documents and Settings\Honey\Desktop\NTREGOPT.lnk
[2009/07/20 14:55:08 | 00,000,634 | ---- | M] () -- C:\Documents and Settings\Honey\Desktop\ERUNT.lnk
[2009/07/20 14:54:15 | 00,023,356 | ---- | M] () -- C:\WINDOWS\System32\AAWService_2009_07_20_14_54_14.dmp
[2009/07/20 00:00:15 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/19 22:01:04 | 03,887,462 | -H-- | M] () -- C:\Documents and Settings\Honey\Local Settings\Application Data\IconCache.db
[2009/07/19 20:15:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-80496231-3960135244-1515697187-1005Core.job
[2009/07/18 22:36:21 | 00,004,298 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_223616.reg
[2009/07/18 22:06:13 | 00,243,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/18 04:03:36 | 00,001,032 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_040328.reg
[2009/07/18 03:00:27 | 00,000,603 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/07/18 03:00:27 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/07/18 03:00:27 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/18 02:57:22 | 00,000,790 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025719.reg
[2009/07/18 02:57:10 | 00,000,430 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025706.reg
[2009/07/18 02:56:56 | 00,045,664 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025651.reg
[2009/07/18 02:55:05 | 00,893,698 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025454.reg
[2009/07/18 01:54:38 | 00,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/17 00:23:45 | 00,612,462 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/07/17 00:00:12 | 00,000,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/07/16 21:02:10 | 00,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/16 21:02:04 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/16 17:11:59 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/07/15 23:11:53 | 00,063,088 | ---- | M] () -- C:\Documents and Settings\Honey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/15 23:07:17 | 00,001,829 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/07/15 23:07:14 | 00,545,364 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/15 23:07:14 | 00,463,510 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/07/15 23:07:14 | 00,078,786 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/07/15 23:06:20 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/07/15 23:06:20 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/07/15 23:04:25 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/07/15 17:52:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/07/15 16:09:02 | 00,000,151 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[2009/07/15 11:31:56 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\Raven.doc
[2009/07/13 23:07:23 | 00,509,952 | ---- | M] () -- C:\Documents and Settings\Honey\Desktop\(Tiffany's) Just Keep Moving Forward.doc
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/11 22:55:36 | 12,504,169 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\Heed Beta.zip
[2009/07/10 15:25:18 | 00,004,733 | ---- | M] () -- C:\WINDOWS\SigPlus.ini
[2009/07/10 15:04:13 | 00,001,947 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
[2009/07/09 20:30:04 | 00,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/07/09 20:28:54 | 00,000,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/07/07 23:06:43 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/07 22:51:26 | 19,808,7808 | ---- | M] (Telltale Games) -- C:\Documents and Settings\Honey\My Documents\LaunchOfTheScreamingNarwhal_Setup.exe
[2009/07/07 10:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/03 09:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

========== LOP Check ==========

[2009/07/18 02:55:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/15 19:09:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/07/17 00:00:13 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2008/12/03 20:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2006/02/10 17:53:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/07/15 21:35:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/04/04 10:42:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/02/06 19:01:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/04/04 10:04:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/07/10 15:11:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2004/12/04 18:32:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2005/01/24 10:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/12/05 18:00:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/07/15 18:27:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/07/21 20:18:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/07/15 18:30:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/07/18 01:54:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Honey\Application Data
[2005/07/22 13:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\4200Series
[2006/11/22 18:21:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\AngoToolbarzay
[2006/02/10 17:55:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\Intuit
[2005/07/27 12:58:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\Leadertech
[2009/07/10 15:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\PureEdge
[2009/07/07 22:55:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Honey\Application Data\SecuROM
[2005/12/04 16:16:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\teamspeak2
[2005/08/09 16:08:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\Ulead Systems
[2009/07/12 23:27:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\WeatherBug
[2009/07/15 23:07:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\Windows Desktop Search
[2009/07/20 00:00:15 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/07/20 15:09:46 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/07/20 15:09:10 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/07/20 16:14:01 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/07/19 20:15:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-80496231-3960135244-1515697187-1005Core.job
[2009/07/20 16:15:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-80496231-3960135244-1515697187-1005UA.job
[2009/07/20 15:09:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %systemroot%\system32\oobe\AntiWPA_Crypt.dll >

< %TEMP%\antiwpa_crypt.dll >

< %TEMP%\antiwpa.dll /s >

< %PROGRAMFILES%\antiwpa.dll /s >

< %systemroot%\system32\crypt.dll >

< %TEMP%\crypt.dll >

< %SYSTEMDRIVE%\*. >
[2009/07/20 16:54:08 | 00,000,000 | ---D | M] -- C:
[2005/11/27 13:51:07 | 00,000,000 | RH-D | M] -- C:\$VAULT$.AVG
[2009/02/16 11:12:58 | 00,000,000 | ---D | M] -- C:\50053ed5615726be78
[2009/06/16 07:51:16 | 00,000,000 | ---D | M] -- C:\a166bfa40766a3175954
[2009/07/10 15:24:51 | 00,000,000 | ---D | M] -- C:\AGMLogs
[2009/07/17 00:29:46 | 00,000,000 | RHSD | M] -- C:\cmdcons
[2009/07/17 00:45:19 | 00,000,000 | --SD | M] -- C:\Combo-Fix
[2005/10/02 10:47:10 | 00,000,000 | ---D | M] -- C:\DELL
[2008/12/03 21:01:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2004/12/04 18:33:22 | 00,000,000 | ---D | M] -- C:\DRIVERS
[2006/11/14 09:44:01 | 00,000,000 | ---D | M] -- C:\Encore Software
[2005/12/20 10:18:52 | 00,000,000 | ---D | M] -- C:\I386
[2009/07/10 15:25:07 | 00,000,000 | ---D | M] -- C:\LF30
[2009/07/20 15:08:53 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/07/17 00:44:55 | 00,000,000 | ---D | M] -- C:\Qoobox
[2009/07/17 23:05:55 | 00,000,000 | -HSD | M] -- C:\RECYCLER
[2009/07/20 16:52:10 | 00,000,000 | ---D | M] -- C:\Rooter$
[2009/07/17 23:48:12 | 00,000,000 | ---D | M] -- C:\Sega
[2009/07/15 21:36:51 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2009/07/20 15:00:30 | 00,000,000 | ---D | M] -- C:\WINDOWS

< %SYSTEMDRIVE%\*.* >
[2004/08/11 18:15:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/07/16 17:11:59 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/07/18 03:00:27 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2004/08/03 23:00:00 | 00,260,272 | ---- | M] () -- C:\cmldr
[2009/07/17 00:45:10 | 00,026,379 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 18:15:00 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/12/04 18:33:46 | 00,003,383 | RH-- | M] () -- C:\DELL.SDR
[2009/07/20 15:08:50 | 10,633,99424 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/11 18:27:32 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 18:15:00 | 00,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/08/30 07:48:27 | 00,000,384 | ---- | M] () -- C:\jetscan.log
[2004/08/11 18:15:00 | 00,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2005/06/29 14:48:58 | 00,000,940 | ---- | M] () -- C:\net_save.dna
[2004/08/04 06:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/15 14:05:45 | 00,250,048 | RHS- | M] () -- C:\NTLDR
[2009/07/09 20:30:04 | 00,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/07/09 20:30:04 | 00,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2009/07/20 15:08:49 | 15,980,29824 | -HS- | M] () -- C:\pagefile.sys
[2009/07/20 17:02:10 | 00,000,500 | ---- | M] () -- C:\RootRepeal report 07-20-09 (17-02-10).txt
[2008/12/03 20:51:09 | 00,000,150 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2009/07/20 15:08:53 | 00,000,000 | R--D | M] -- C:\Program Files
[2006/09/30 17:26:51 | 00,000,000 | ---D | M] -- C:\Program Files\_ArcadeDownloadFolder
[2005/07/22 12:15:51 | 00,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 6.0
[2009/07/10 15:04:08 | 00,000,000 | ---D | M] -- C:\Program Files\ActivIdentity
[2009/02/16 13:07:38 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/09/21 11:41:05 | 00,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009/07/15 19:33:28 | 00,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009/07/16 19:51:04 | 00,000,000 | ---D | M] -- C:\Program Files\ApproveIt
[2005/07/21 20:18:00 | 00,000,000 | ---D | M] -- C:\Program Files\Atari-Infogrames
[2006/09/30 17:19:26 | 00,000,000 | ---D | M] -- C:\Program Files\AWS
[2004/12/04 18:52:16 | 00,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2009/07/18 02:53:11 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/07/18 01:54:25 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/12/04 18:32:44 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/07/20 14:55:15 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2009/05/29 06:41:08 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2009/07/15 18:30:04 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/15 17:40:08 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/02/01 19:57:45 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
[2008/12/03 20:48:10 | 00,000,000 | ---D | M] -- C:\Program Files\ItsDeductible2005
[2006/02/01 19:57:50 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
[2004/12/04 18:52:01 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/07/17 00:00:05 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/07/16 22:59:59 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/16 19:51:04 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/07/15 23:11:13 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/02/16 11:03:07 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/12/04 18:32:48 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2005/01/24 10:31:11 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/03/27 20:10:19 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/02/15 14:13:46 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/02/16 11:13:55 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2004/12/04 18:32:40 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/12/04 18:32:44 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2005/11/01 17:04:20 | 00,000,000 | ---D | M] -- C:\Program Files\MsnMusic
[2009/02/15 14:09:29 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/06/07 18:27:42 | 00,000,000 | ---D | M] -- C:\Program Files\Nick Jr. Arcade
[2004/12/04 18:32:44 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/02/15 14:09:22 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/12/03 20:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\OXXOGames
[2009/02/06 19:01:47 | 00,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2009/07/16 19:51:04 | 00,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2009/07/10 15:11:02 | 00,000,000 | ---D | M] -- C:\Program Files\PureEdge
[2006/02/01 19:58:33 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/09/30 17:27:44 | 00,000,000 | ---D | M] -- C:\Program Files\Real
[2009/07/20 14:32:39 | 00,000,000 | ---D | M] -- C:\Program Files\Recuva
[2009/02/16 11:13:44 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2005/01/24 10:30:30 | 00,000,000 | ---D | M] -- C:\Program Files\Snapshot Viewer
[2009/07/16 23:31:56 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/18 01:54:38 | 00,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2005/08/18 08:28:11 | 00,000,000 | ---D | M] -- C:\Program Files\TryMedia
[2006/07/06 23:18:35 | 00,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2004/12/04 18:32:48 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2005/08/09 16:14:07 | 00,000,000 | ---D | M] -- C:\Program Files\V5385 Digital Camera
[2008/12/03 20:48:24 | 00,000,000 | ---D | M] -- C:\Program Files\VIVA MEDIA
[2009/07/15 23:19:21 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/07/15 23:11:08 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/07/15 23:10:53 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/07/16 19:51:05 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/07/15 23:06:05 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/02/15 14:09:22 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/12/04 18:32:48 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/12/04 18:32:48 | 00,000,000 | ---D | M] -- C:\Program Files\XEROX
[2009/07/09 20:30:01 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2006/11/18 11:10:24 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games

< set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Honey\Application Data
CLASSPATH=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CALVINCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Honey
LOGONSERVER=\\CALVINCOMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem;C:\Program Files\ActivIdentity\ActivClient;C:\Program Files\ApproveIt;C:\Program Files\ApproveIt\ThirdParty\Bin;C:\WINDOWS\system32\WindowsPowerShell\v1.0
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Honey\LOCALS~1\Temp
TMP=C:\DOCUME~1\Honey\LOCALS~1\Temp
USERDOMAIN=CALVINCOMPUTER
USERNAME=Honey
USERPROFILE=C:\Documents and Settings\Honey
windir=C:\WINDOWS

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

****************************************

OTL Extras logfile created on: 7/20/2009 5:07:26 PM - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\Honey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 590.66 Mb Available Physical Memory | 58.25% Memory free
2.38 Gb Paging File | 1.80 Gb Available in Paging File | 75.42% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 62.61 Gb Free Space | 84.10% Space Free | Partition Type: NTFS
Drive D: | 67.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.89 Gb Total Space | 1.70 Gb Free Space | 89.97% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CALVINCOMPUTER
Current User Name: Honey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\DPNSVR.EXE" = C:\WINDOWS\SYSTEM32\DPNSVR.EXE:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\DXDIAG.EXE" = C:\WINDOWS\SYSTEM32\DXDIAG.EXE:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\Honey\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Honey\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Honey\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Honey\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1535DCC2-6EB2-4FAC-9ABB-C3DC939BB87A}" = Chicken Hunter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{29EB04A2-633C-40BE-9673-12DE7360C04E}" = ApproveIt Desktop 5.9
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{496912F4-0DF6-4288-92C9-7B5AF0A21699}" = City Game Tracker
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"{55D1E12B-7812-40E5-A3D8-B7B8572A4501}" = MapPack
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient CAC 6.1 x86
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F6B1D53B-2A68-377D-AC39-C8FD359FF6F1}" = Google Talk Plugin
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AGEIA PhysX v2.5.1" = AGEIA PhysX v2.5.1
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"Chuzzle Deluxe 1.01" = Chuzzle Deluxe 1.01
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly 3" = Monopoly 3 (remove only)
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RealArcade 1.2" = RealArcade
"Recuva" = Recuva (remove only)
"Sega Smash Pack" = Sega Smash Pack
"Sega Smash Pack II" = Sega Smash Pack II
"V5385 Digital Camera Driver" = V5385 Digital Camera Driver
"WeatherBug" = WeatherBug
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/15/2009 9:44:09 PM | Computer Name = CALVINCOMPUTER | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 7/16/2009 9:18:40 PM | Computer Name = CALVINCOMPUTER | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 7/16/2009 11:24:03 PM | Computer Name = CALVINCOMPUTER | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 7/18/2009 5:04:06 AM | Computer Name = CALVINCOMPUTER | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

[ Application Events ]
Error - 7/18/2009 3:16:39 PM | Computer Name = CALVINCOMPUTER | Source = Google Update | ID = 20
Description =

Error - 7/18/2009 3:17:17 PM | Computer Name = CALVINCOMPUTER | Source = Google Update | ID = 20
Description =

Error - 7/18/2009 11:00:27 PM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HONEY\MY DOCUMENTS\FIREFOX\ACTIVE-UPDATE-1.XML>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 7/18/2009 11:00:28 PM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HONEY\MY DOCUMENTS\FIREFOX\UPDATES-1.XML>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 7/18/2009 11:35:49 PM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HONEY\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 7/18/2009 11:35:49 PM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HONEY\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 7/18/2009 11:35:57 PM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HONEY\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 7/20/2009 12:22:58 AM | Computer Name = CALVINCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.2162, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2009 12:38:49 AM | Computer Name = CALVINCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.2162, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2009 12:51:33 AM | Computer Name = CALVINCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.2162, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/20/2009 12:25:18 PM | Computer Name = CALVINCOMPUTER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.11 for the Network Card with network
address 00114308E740 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 7/20/2009 12:34:52 PM | Computer Name = CALVINCOMPUTER | Source = Dhcp | ID = 1002
Description = The IP address lease 72.191.36.75 for the Network Card with network
address 00114308E740 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 7/20/2009 12:35:54 PM | Computer Name = CALVINCOMPUTER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 00114308E740.

Error - 7/20/2009 12:36:30 PM | Computer Name = CALVINCOMPUTER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 00114308E740.

Error - 7/20/2009 12:37:19 PM | Computer Name = CALVINCOMPUTER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 00114308E740.

Error - 7/20/2009 12:43:25 PM | Computer Name = CALVINCOMPUTER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.11 for the Network Card with network
address 00114308E740 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 7/20/2009 3:46:12 PM | Computer Name = CALVINCOMPUTER | Source = Dhcp | ID = 1002
Description = The IP address lease 72.191.36.75 for the Network Card with network
address 00114308E740 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 7/20/2009 3:49:25 PM | Computer Name = CALVINCOMPUTER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.11 for the Network Card with network
address 00114308E740 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 7/20/2009 3:54:05 PM | Computer Name = CALVINCOMPUTER | Source = Dhcp | ID = 1002
Description = The IP address lease 72.191.36.75 for the Network Card with network
address 00114308E740 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 7/20/2009 3:54:26 PM | Computer Name = CALVINCOMPUTER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.11 for the Network Card with network
address 00114308E740 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).


< End of report >

********************************************************************************

Thanks for any assistance anyone has to offer. If you need any further information I'll do my best to provide as much as I can.
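The firewall-policy block in the OTL Extras log above deserves a second look before anything else is cleaned: the StandardProfile key carries "EnableFirewall" = 0, and 3389:TCP is opened with scope *, which on XP means any remote address rather than LocalSubNet. The Python script below is an added example for this thread, not OTL's or the poster's code. It parses the [...\FirewallPolicy\<Profile>] blocks exactly as OTL prints them (the sample input is reproduced from the log above) and reports a disabled profile and every port opened to any address. The service names are the standard port assignments supplied by the example; the log itself only carries the @xpsp2res.dll resource-string references.

```python
"""Audit Windows XP firewall policy as it appears in an OTL Extras log.

Added example for this thread (not OTL's or the poster's code): flags a
profile with "EnableFirewall" = 0 and ports opened with scope "*".
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample input: excerpt reproduced from the OTL Extras log in the post above.
OTL_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"""

# Standard service assignments for the ports in the log (added here; not from OTL).
SERVICE_NAMES = {
    (137, "UDP"): "NetBIOS name service",
    (138, "UDP"): "NetBIOS datagram service",
    (139, "TCP"): "NetBIOS session service",
    (445, "TCP"): "SMB",
    (1900, "UDP"): "SSDP (UPnP discovery)",
    (2869, "TCP"): "UPnP device host",
    (3389, "TCP"): "Remote Desktop (RDP)",
}

KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess"
    r"\\Parameters\\FirewallPolicy\\(?P<profile>\w+)(?:\\(?P<sub>[^\]]+))?\]$"
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


@dataclass
class OpenPort:
    port: int
    proto: str
    scope: str        # "*" = any remote address, "LocalSubNet", or an address list
    enabled: bool
    description: str  # resource-string reference as stored, e.g. "@xpsp2res.dll,-22009"


@dataclass
class Profile:
    name: str
    enable_firewall: Optional[int] = None   # None when the key carries no EnableFirewall value
    open_ports: List[OpenPort] = field(default_factory=list)


def parse_open_port(value: str) -> OpenPort:
    # XP stores each GloballyOpenPorts entry as port:proto:scope:state:description
    port, proto, scope, state, desc = value.split(":", 4)
    return OpenPort(int(port), proto.upper(), scope, state == "Enabled", desc)


def parse_firewall_policy(text: str) -> Dict[str, Profile]:
    profiles: Dict[str, Profile] = {}
    profile: Optional[Profile] = None
    subkey: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            profile = profiles.setdefault(m["profile"], Profile(m["profile"]))
            subkey = m["sub"]
            continue
        if line.startswith("["):   # some other registry key: stop attributing values
            profile = subkey = None
            continue
        v = VALUE_RE.match(line)
        if profile is None or not v:
            continue
        name, value = v["name"], v["value"].strip()
        if subkey is None and name == "EnableFirewall":
            profile.enable_firewall = int(value)
        elif subkey == r"GloballyOpenPorts\List":
            profile.open_ports.append(parse_open_port(value))
    return profiles


Finding = Tuple[str, str, Optional[str]]   # (profile, kind, detail)


def audit(profiles: Dict[str, Profile]) -> List[Finding]:
    """Return the profile-level and port-level weaknesses a reviewer would flag."""
    findings: List[Finding] = []
    for prof in profiles.values():
        if prof.enable_firewall == 0:
            findings.append((prof.name, "firewall_disabled", None))
        for p in prof.open_ports:
            if p.enabled and p.scope == "*":
                findings.append((prof.name, "open_to_any", f"{p.port}/{p.proto}"))
    return findings


def describe(finding: Finding) -> str:
    profile, kind, detail = finding
    if kind == "firewall_disabled":
        return f'{profile}: "EnableFirewall" = 0 (Windows Firewall is off for this profile)'
    port, proto = detail.split("/")
    name = SERVICE_NAMES.get((int(port), proto), "unknown service")
    return f"{profile}: {detail} ({name}) open to any remote address (scope *)"


if __name__ == "__main__":
    for f in audit(parse_firewall_policy(OTL_EXCERPT)):
        print(describe(f))
```

Run against the excerpt it reports six findings: the four DomainProfile entries opened to *, the StandardProfile firewall switch set to 0, and 3389/TCP opened to * in StandardProfile. The StandardProfile is the profile in force on a machine that is not joined to a domain, and the < set /c > block above shows USERDOMAIN equal to COMPUTERNAME, so "EnableFirewall" = 0 there means Windows Firewall was off when OTL ran; avast! does not ship a firewall. Caveat: these keys are a policy snapshot, and a third-party firewall registered with Security Center can legitimately leave Windows Firewall off, so confirm what is actually listening with netstat -ano before drawing conclusions from the registry alone.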
Rorschach112
hi

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


monkey_05_06
I went ahead and ran ComboFix again as you told me to. It gave 2 warnings about Norton. Note that I do NOT have Norton AntiVirus installed on this computer at all. It has been uninstalled and I have also run CCleaner so there should not even be any traces of it in the registry anywhere.

I have manually searched (both for "Norton" and for "Symantec") the HDD and cannot find any Norton files other than the installation file. I did a search (Start->Search) and it only turned up a few folders, one ActiveX control, and a couple of text documents (logs, the serial key).

Here are the warnings followed by the log.

****************************************

---------------------------
Warning !!
---------------------------
ComboFix has detected the following real time scanner(s) to be active:

antivirus: Norton 360

Antivirus and intrusion prevention programs are known to interfere
with ComboFix's running. This may lead to unpredictable results or
possible machine damage.

Please disable these scanners before clicking 'OK'.
---------------------------
OK
---------------------------

****************************************

---------------------------
Warning !!
---------------------------
antivirus: Norton 360

The above real time scanner(s) are still active but ComboFix shall
continue to run. Kindly note that this is at your own risk
---------------------------
OK
---------------------------

****************************************

ComboFix 09-07-20.05 - Honey 07/21/2009 13:30.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.555 [GMT -5:00]
Running from: c:\documents and settings\Honey\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090720-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-20 21:52 . 2009-07-20 21:52 -------- d-----w- C:\Rooter$
2009-07-20 19:55 . 2009-07-20 19:55 -------- d-----w- c:\program files\ERUNT
2009-07-20 19:32 . 2009-07-20 19:32 -------- d-----w- c:\program files\Recuva
2009-07-19 03:00 . 2008-12-04 06:25 120832 ----a-w- c:\documents and settings\Honey\Application Data\Mozilla\Firefox\Profiles\nqy0a6qp.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-07-18 07:53 . 2009-07-18 07:53 -------- d-----w- c:\program files\CCleaner
2009-07-18 06:55 . 2009-07-21 15:16 117760 ----a-w- c:\documents and settings\Honey\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-18 06:54 . 2009-07-18 06:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2009-07-18 06:54 . 2009-07-18 06:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-18 06:54 . 2009-07-18 06:54 -------- d-----w- c:\documents and settings\Honey\Application Data\SUPERAntiSpyware.com
2009-07-18 06:54 . 2009-07-18 06:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-18 04:47 . 1994-09-16 16:00 792576 ----a-r- c:\windows\system32\mfc30d.dll
2009-07-17 05:27 . 2009-07-17 05:45 -------- d-s---w- C:\Combo-Fix
2009-07-17 05:00 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-17 05:00 . 2009-07-17 05:00 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-17 05:00 . 2009-07-17 05:00 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-17 05:00 . 2009-07-17 05:00 -------- d-----w- c:\program files\Lavasoft
2009-07-17 04:30 . 2009-07-18 07:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-17 04:30 . 2009-07-17 04:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 04:00 . 2009-07-17 04:00 -------- d-----w- c:\documents and settings\Honey\Application Data\Malwarebytes
2009-07-17 03:59 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 03:59 . 2009-07-17 03:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 03:59 . 2009-07-17 03:59 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-17 03:59 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 02:02 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-17 02:02 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-17 02:02 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-17 02:02 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-17 02:02 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-17 02:02 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-17 02:02 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-17 02:02 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-17 02:01 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-17 00:49 . 2005-10-14 19:45 135168 ----a-w- c:\windows\system32\igfxres.dll
2009-07-16 22:48 . 2009-03-24 21:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-16 19:30 . 2009-07-18 04:48 -------- d-----w- C:\Sega
2009-07-16 19:29 . 2009-07-16 19:29 -------- d-----w- c:\documents and settings\Honey\WINDOWS
2009-07-16 04:38 . 2009-07-16 04:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-07-16 04:12 . 2009-07-16 04:12 -------- d-----w- c:\documents and settings\Honey\Tracing
2009-07-16 04:11 . 2009-07-16 04:11 -------- d-----w- c:\program files\Microsoft
2009-07-16 04:10 . 2009-07-16 04:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-16 04:10 . 2009-07-16 04:11 -------- d-----w- c:\program files\Windows Live
2009-07-16 04:08 . 2009-07-16 04:08 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-16 04:07 . 2009-07-16 04:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-16 04:07 . 2009-07-16 04:07 -------- d-----w- c:\documents and settings\Honey\Application Data\Windows Desktop Search
2009-07-16 04:07 . 2009-07-16 04:19 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-16 04:07 . 2009-07-16 04:07 -------- d-----w- c:\windows\system32\GroupPolicy
2009-07-16 04:06 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2009-07-16 04:06 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2009-07-16 04:06 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2009-07-16 04:06 . 2009-07-17 00:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-16 04:04 . 2009-07-16 04:05 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-16 04:04 . 2009-07-16 04:04 -------- d-----w- c:\windows\system32\LogFiles
2009-07-16 00:33 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-16 00:33 . 2009-07-16 00:33 -------- d-----w- c:\program files\Alwil Software
2009-07-15 22:52 . 2009-07-15 22:52 0 ----a-w- c:\windows\nsreg.dat
2009-07-15 22:52 . 2009-07-15 22:52 -------- d-----w- c:\documents and settings\Honey\Local Settings\Application Data\Mozilla
2009-07-15 22:40 . 2009-07-15 22:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-15 22:37 . 2009-07-15 22:37 -------- dc-h--w- c:\windows\ie8
2009-07-15 22:36 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-15 22:36 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-07-15 22:36 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 22:36 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-07-10 20:25 . 2009-07-17 00:51 -------- d-----w- c:\program files\ApproveIt
2009-07-10 20:25 . 2009-07-10 20:25 -------- d-----w- C:\LF30
2009-07-10 20:24 . 2009-07-10 20:24 -------- d-----w- C:\AGMLogs
2009-07-10 20:11 . 2009-07-10 20:11 -------- d-----w- c:\documents and settings\Honey\Application Data\PureEdge
2009-07-10 20:11 . 2009-07-10 20:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PureEdge
2009-07-10 20:11 . 2003-02-21 16:44 172032 ----a-w- c:\windows\system32\SSCE5332.dll
2009-07-10 20:11 . 2009-07-10 20:11 -------- d-----w- c:\program files\PureEdge
2009-07-10 20:04 . 2009-07-10 20:04 -------- d-----w- c:\program files\Common Files\ActivIdentity
2009-07-10 20:04 . 2009-07-10 20:04 -------- d-----w- c:\program files\ActivIdentity
2009-07-10 20:02 . 2009-07-10 20:02 -------- d-sh--w- c:\windows\ftpcache
2009-07-10 01:32 . 2009-07-10 01:32 -------- d-----w- c:\documents and settings\Honey\Local Settings\Application Data\Yahoo
2009-07-10 01:30 . 2009-07-10 01:30 262144 ----a-w- C:\ntuser.dat
2009-07-08 04:06 . 2009-07-08 04:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-08 03:54 . 2008-10-27 15:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-07-08 03:52 . 2009-07-08 03:52 -------- d-----w- c:\windows\Logs
2009-07-07 01:15 . 2009-07-17 20:51 -------- d-----w- c:\documents and settings\Honey\Local Settings\Application Data\Temp
2009-06-22 20:23 . 2009-06-22 20:23 239088 ----a-w- c:\documents and settings\Honey\Application Data\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 18:54 . 2009-02-16 18:02 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-07-17 00:51 . 2008-06-06 00:25 -------- d-----w- c:\program files\PopCap Games
2009-07-16 04:11 . 2005-09-05 03:34 63088 ----a-w- c:\documents and settings\Honey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-16 02:35 . 2009-02-15 16:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Norton
2009-07-16 02:33 . 2004-12-04 23:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-16 00:09 . 2009-04-04 15:44 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-15 23:30 . 2005-08-09 20:58 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Ulead Systems
2009-07-15 23:30 . 2004-12-04 23:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 23:27 . 2009-02-16 18:08 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-13 04:27 . 2006-09-30 22:20 -------- d-----w- c:\documents and settings\Honey\Application Data\WeatherBug
2009-07-10 20:10 . 2004-12-04 23:52 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-10 01:32 . 2005-08-04 17:34 -------- d--h--r- c:\docume~1\ALLUSE~1\APPLIC~1\yahoo!
2009-07-10 01:30 . 2005-08-04 17:38 -------- d--h--r- c:\documents and settings\Honey\Application Data\yahoo!
2009-07-10 01:30 . 2005-01-23 15:24 -------- d-----w- c:\program files\Yahoo!
2009-07-10 01:29 . 2005-09-21 00:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2009-07-08 03:55 . 2009-07-08 03:55 -------- d--h--r- c:\documents and settings\Honey\Application Data\SecuROM
2009-06-16 14:36 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 11:41 . 2009-02-16 18:02 -------- d-----w- c:\program files\Google
2009-05-25 05:24 . 2008-05-27 03:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-13 05:15 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 20:12 . 2005-06-18 19:36 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2004-08-04 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2006-09-30 22:27 . 2006-09-30 22:27 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-17_05.41.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-21 18:28 . 2009-07-21 18:28 16384 c:\windows\Temp\Perflib_Perfdata_718.dat
+ 2009-07-21 16:31 . 2009-07-21 16:31 53248 c:\windows\SYSTEM32\Macromed\Shockwave 10\PostUpdate.exe
+ 2005-01-09 17:10 . 2009-07-21 18:28 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-09 17:10 . 2009-07-17 05:23 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-09 17:10 . 2009-07-17 05:23 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-01-09 17:10 . 2009-07-21 18:28 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-01-09 17:10 . 2009-07-21 18:28 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2005-01-09 17:10 . 2009-07-17 05:23 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2009-07-18 06:54 . 2009-07-18 06:54 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-07-18 06:54 . 2009-07-18 06:54 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2004-08-11 23:20 . 2009-07-16 04:21 243920 c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2004-08-11 23:20 . 2009-07-19 03:06 243920 c:\windows\SYSTEM32\FNTCACHE.DAT
- 2009-07-15 22:40 . 2009-07-17 02:48 245760 c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache\index.dat
+ 2009-07-15 22:40 . 2009-07-20 03:02 245760 c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache\index.dat
+ 2009-07-21 15:16 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\7-21-2009\ERDNT.EXE
+ 2009-07-20 20:00 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\7-20-2009\ERDNT.EXE
+ 2009-07-20 19:55 . 2005-10-20 17:02 163328 c:\windows\ERDNT\7-20-2009\ERDNT.EXE
+ 2009-07-18 06:54 . 2009-07-18 06:54 1516544 c:\windows\Installer\9bcd63.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2006-04-07 1343488]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Google Update"="c:\documents and settings\Honey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-02 133104]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2009-07-21 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-02 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-09-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-16 4554752]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-12-21 278528]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"AprvRemoveLegacyWordKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe" [2008-01-18 73728]
"AprvRemoveLegacyExcelKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe" [2008-01-18 73728]
"ApproveItForOfficeSetup"="c:\program files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe" [2008-01-18 155648]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2004-09-16 921600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Honey\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
ApproveIt StartUp.lnk - c:\windows\Installer\{29EB04A2-633C-40BE-9673-12DE7360C04E}\Icon9557F1BC1.ico [2009-7-10 9216]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 21:08 112640 ----a-w- c:\windows\SYSTEM32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 21:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"N360"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPNSVR.EXE"=
"c:\\WINDOWS\\SYSTEM32\\DXDIAG.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Honey\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Honey\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [7/17/2009 12:00 AM 64160]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [7/16/2009 9:02 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 acautoup;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [5/15/2007 4:08 PM 46384]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 4:08 PM 182576]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [7/16/2009 9:02 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
S2 gupdate1c990613a62a7e;Google Update Service (gupdate1c990613a62a7e);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2009 1:04 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\SYSTEM32\DRIVERS\SCR3XX2K.sys [10/18/2007 12:11 AM 56960]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mWindow Title = Microsoft Internet Explorer provided by Comcast
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = cdn
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\docume~1\Honey\APPLIC~1\Mozilla\Firefox\Profiles\nqy0a6qp.default\
FF - plugin: c:\documents and settings\Honey\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Honey\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-21 13:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
geyekrxotpynky.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrxotpynky.dll
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll

- - - - - - - > 'lsass.exe'(708)
geyekrxotpynky.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrxotpynky.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-07-21 13:45
ComboFix-quarantined-files.txt 2009-07-21 18:45
ComboFix2.txt 2009-07-17 05:45

Pre-Run: 67,180,974,080 bytes free
Post-Run: 67,181,686,784 bytes free

347 --- E O F --- 2009-07-15 22:33
Rorschach112
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes

    :Services

    :Reg

    :Files
    c:\windows\system32\mfc30d.dll
    c:\windows\system32\geyekrxotpynky.dll
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download RootRepeal.zip or from here and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post
monkey_05_06
Thanks Rorschach I appreciate your help. Hopefully these logs will mean something to you!

When I ran RootRepeal I got the same errors as before about being "unable to read the boot sector" or "find the module on disk." There was also an error message (included below) about being unable to read the registry.

****************************************

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\mfc30d.dll
c:\windows\system32\mfc30d.dll NOT unregistered.
c:\windows\system32\mfc30d.dll moved successfully.
File/Folder c:\windows\system32\geyekrxotpynky.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Honey
->Temp folder emptied: 411493 bytes
File delete failed. C:\Documents and Settings\Honey\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 18485413 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39501037 bytes
->Google Chrome cache emptied: 1107 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_718.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 55.74 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07212009_191346

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_718.dat not found!

Registry entries deleted on Reboot...


****************************************

---------------------------
RootRepeal Error
---------------------------
Could not read system registry!
Please contact the author!
--------------------------- ---------------------------
OK Details>>
--------------------------- ---------------------------
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:34: DeviceIoControl Error! Error Code = 0xc0000001
19:20:38: DeviceIoControl Error! Error Code = 0xc0000001
19:20:40: Could not read system registry! Please contact the author!

****************************************

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/21 19:20
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF52B6000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BC0000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF2C88000 Size: 49152 File Visible: No Signed: -
Status: -

Stealth Objects
-------------------
Object: Hidden Module [Name: geyekrbaeoxjjd.dll]
Process: svchost.exe (PID: 856) Address: 0x008e0000 Address: 53248

Object: Hidden Module [Name: geyekrxotpynky.dll]
Process: svchost.exe (PID: 856) Address: 0x10000000 Address: 28672

==EOF==
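The three scanner outputs in this thread describe one module from three angles: ComboFix lists geyekrxotpynky.dll mapped into winlogon.exe and lsass.exe from a \\?\globalroot device path rather than a drive letter, OTM reports that the same file is "not found" when it tries to move it through the normal file API, and RootRepeal's Stealth Objects section shows it (and a sibling, geyekrbaeoxjjd.dll) as a hidden module inside svchost.exe. Cross-checking those views is how a responder decides that a module is being concealed from user mode rather than simply already deleted. The script below is an added example, not part of this thread or of ComboFix, OTM or RootRepeal; it parses the three excerpts (constructed by copying the lines posted above) and correlates them by module basename. The line formats it expects are taken from these specific posts and are assumptions for any other version of the tools.

```python
"""Correlate module evidence across ComboFix, OTM and RootRepeal output.

Added example; not part of the forum thread or of the tools it mentions.
The sample excerpts are copied from the logs posted in the thread.  The
line formats recognised below are assumptions based on those posts only.
"""
import re
from collections import defaultdict

# --- Constructed sample input, copied from the logs posted in the thread ---
COMBOFIX_EXCERPT = r"""
- - - - - - - > 'winlogon.exe'(648)
geyekrxotpynky.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrxotpynky.dll
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(708)
geyekrxotpynky.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrxotpynky.dll
c:\windows\system32\WININET.dll
"""

OTM_EXCERPT = r"""
c:\windows\system32\mfc30d.dll moved successfully.
File/Folder c:\windows\system32\geyekrxotpynky.dll not found.
"""

ROOTREPEAL_EXCERPT = r"""
Stealth Objects
-------------------
Object: Hidden Module [Name: geyekrbaeoxjjd.dll]
Process: svchost.exe (PID: 856) Address: 0x008e0000 Address: 53248

Object: Hidden Module [Name: geyekrxotpynky.dll]
Process: svchost.exe (PID: 856) Address: 0x10000000 Address: 28672
"""

DEVICE_PREFIX = "\\\\?\\"  # the NT device-path prefix  \\?\  as a Python string
PROC_HEADER = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)")
HIDDEN_MODULE = re.compile(r"^Object: Hidden Module \[Name: (?P<name>[^\]]+)\]")
STEALTH_PROC = re.compile(r"^Process: (?P<proc>\S+) \(PID: (?P<pid>\d+)\)")
OTM_NOT_FOUND = re.compile(r"^File/Folder (?P<path>.+?) not found\.$")


def parse_combofix_modules(text):
    """Return one dict per DLL line under a ComboFix process header."""
    modules, proc, pid = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PROC_HEADER.match(line)
        if m:
            proc, pid = m.group("proc"), int(m.group("pid"))
            continue
        if proc is None:
            continue
        fields = line.split()
        # ComboFix prints "name base size path" when the module's path is an
        # NT device path it could not map to a drive letter; otherwise the
        # whole line is the path.
        if len(fields) >= 4 and fields[3].startswith(DEVICE_PREFIX):
            name, path = fields[0], " ".join(fields[3:])
        else:
            name, path = line.rsplit("\\", 1)[-1], line
        modules.append({"process": proc, "pid": pid, "name": name.lower(),
                        "path": path, "device_path": path.startswith(DEVICE_PREFIX)})
    return modules


def parse_rootrepeal_stealth(text):
    """Return one dict per 'Hidden Module' object in a RootRepeal report."""
    found, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HIDDEN_MODULE.match(line)
        if m:
            pending = m.group("name").lower()
            continue
        m = STEALTH_PROC.match(line)
        if m and pending:
            found.append({"name": pending, "process": m.group("proc"),
                          "pid": int(m.group("pid"))})
            pending = None
    return found


def parse_otm_not_found(text):
    """Return lower-cased basenames that OTM could not find on disk."""
    return {m.group("path").rsplit("\\", 1)[-1].lower()
            for m in map(OTM_NOT_FOUND.match, (l.strip() for l in text.splitlines())) if m}


def correlate(combofix, rootrepeal, otm_missing):
    """Merge the three sources into one entry per module basename."""
    report = defaultdict(lambda: {"loaded_in": [], "device_path": False,
                                  "hidden_in": [], "missing_on_disk": False})
    for mod in combofix:
        entry = report[mod["name"]]
        entry["loaded_in"].append((mod["process"], mod["pid"]))
        entry["device_path"] |= mod["device_path"]
    for obj in rootrepeal:
        report[obj["name"]]["hidden_in"].append((obj["process"], obj["pid"]))
    for name in otm_missing:
        report[name]["missing_on_disk"] = True
    return dict(report)


def suspicious_modules(report):
    """Modules that only a view hidden from user mode explains.

    Flagged when a scanner reported the module hidden, when it was mapped
    from an NT device path instead of a drive letter, or when it is loaded
    in a live process yet the normal file API cannot find it on disk.
    """
    return sorted(name for name, e in report.items()
                  if e["hidden_in"] or e["device_path"]
                  or (e["loaded_in"] and e["missing_on_disk"]))


def build_report():
    """Run all three parsers over the constructed excerpts."""
    return correlate(parse_combofix_modules(COMBOFIX_EXCERPT),
                     parse_rootrepeal_stealth(ROOTREPEAL_EXCERPT),
                     parse_otm_not_found(OTM_EXCERPT))


if __name__ == "__main__":
    rep = build_report()
    for name in suspicious_modules(rep):
        e = rep[name]
        print(f"{name}: loaded_in={e['loaded_in']} hidden_in={e['hidden_in']} "
              f"device_path={e['device_path']} missing_on_disk={e['missing_on_disk']}")
```

Run as-is it flags both geyekr* modules and leaves wininet.dll and SASWINLO.dll alone. The useful part is the combination: a module that is loaded in winlogon and lsass, mapped from \\?\globalroot, reported hidden by a second tool, and invisible to OTM's file move is not a stale entry, so a plain file-deletion script will keep reporting "not found" until whatever hides it is dealt with first.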
Rorschach112
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
monkey_05_06
Here are the requested scan logs.

****************************************

Malwarebytes' Anti-Malware 1.39
Database version: 2479
Windows 5.1.2600 Service Pack 3

7/22/2009 10:27:31 AM
mbam-log-2009-07-22 (10-27-31).txt

Scan type: Quick Scan
Objects scanned: 93918
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\SYSTEM32\geyekrxotpynky.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\SYSTEM32\geyekrxotpynky.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

****************************************

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 22, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 22, 2009 19:54:23
Records in database: 2514912
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 57321
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:44:11

No malware has been detected. The scan area is clean.

The selected area was scanned.
Rorschach112
hi

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

monkey_05_06
Here's the latest ComboFix scan, sorry it took me a while to get it posted. Note again that I do NOT have Norton 360 installed any more.

****************************************

ComboFix 09-07-22.01 - Honey 07/22/2009 19:32.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.555 [GMT -5:00]
Running from: c:\documents and settings\Honey\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090722-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.

2009-07-22 23:01 . 2009-07-22 23:20 -------- d-----w- c:\program files\A+ Complete Ebook
2009-07-22 15:33 . 2009-07-22 15:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 22:32 . 2009-07-21 22:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-21 22:32 . 2009-07-21 22:32 -------- d-----w- c:\program files\Telltale Games
2009-07-21 18:57 . 2009-07-21 18:57 -------- d-----w- c:\docume~1\Honey\APPLIC~1\Windows Search
2009-07-21 18:48 . 2009-07-21 18:48 -------- d-----w- c:\windows\system32\Adobe
2009-07-20 19:55 . 2009-07-20 19:55 -------- d-----w- c:\program files\ERUNT
2009-07-20 19:32 . 2009-07-20 19:32 -------- d-----w- c:\program files\Recuva
2009-07-18 07:53 . 2009-07-18 07:53 -------- d-----w- c:\program files\CCleaner
2009-07-18 06:54 . 2009-07-18 06:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2009-07-18 06:54 . 2009-07-18 06:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-18 06:54 . 2009-07-18 06:54 -------- d-----w- c:\docume~1\Honey\APPLIC~1\SUPERAntiSpyware.com
2009-07-18 06:54 . 2009-07-18 06:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-17 05:27 . 2009-07-17 05:45 -------- d-s---w- C:\Combo-Fix
2009-07-17 05:00 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-17 05:00 . 2009-07-17 05:00 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-17 05:00 . 2009-07-17 05:00 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-17 05:00 . 2009-07-17 05:00 -------- d-----w- c:\program files\Lavasoft
2009-07-17 04:30 . 2009-07-18 07:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-17 04:30 . 2009-07-17 04:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 04:00 . 2009-07-17 04:00 -------- d-----w- c:\docume~1\Honey\APPLIC~1\Malwarebytes
2009-07-17 03:59 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 03:59 . 2009-07-22 15:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 03:59 . 2009-07-17 03:59 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-17 03:59 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 02:02 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-17 02:02 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-17 02:02 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-17 02:02 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-17 02:02 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-17 02:02 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-17 02:02 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-17 02:02 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-17 02:01 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-17 00:49 . 2005-10-14 19:45 135168 ----a-w- c:\windows\system32\igfxres.dll
2009-07-16 22:48 . 2009-03-24 21:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-16 19:30 . 2009-07-18 04:48 -------- d-----w- C:\Sega
2009-07-16 19:29 . 2009-07-16 19:29 -------- d-----w- c:\documents and settings\Honey\WINDOWS
2009-07-16 04:38 . 2009-07-16 04:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-07-16 04:12 . 2009-07-21 19:39 -------- d-----w- c:\documents and settings\Honey\Tracing
2009-07-16 04:11 . 2009-07-16 04:11 -------- d-----w- c:\program files\Microsoft
2009-07-16 04:10 . 2009-07-16 04:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-16 04:10 . 2009-07-16 04:11 -------- d-----w- c:\program files\Windows Live
2009-07-16 04:08 . 2009-07-16 04:08 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-16 04:07 . 2009-07-16 04:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-16 04:07 . 2009-07-16 04:07 -------- d-----w- c:\docume~1\Honey\APPLIC~1\Windows Desktop Search
2009-07-16 04:07 . 2009-07-16 04:19 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-16 04:07 . 2009-07-16 04:07 -------- d-----w- c:\windows\system32\GroupPolicy
2009-07-16 04:06 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2009-07-16 04:06 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2009-07-16 04:06 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2009-07-16 04:06 . 2009-07-17 00:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-16 04:04 . 2009-07-16 04:05 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-16 04:04 . 2009-07-16 04:04 -------- d-----w- c:\windows\system32\LogFiles
2009-07-16 00:33 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-16 00:33 . 2009-07-16 00:33 -------- d-----w- c:\program files\Alwil Software
2009-07-15 22:52 . 2009-07-15 22:52 0 ----a-w- c:\windows\nsreg.dat
2009-07-15 22:52 . 2009-07-15 22:52 -------- d-----w- c:\documents and settings\Honey\Local Settings\Application Data\Mozilla
2009-07-15 22:40 . 2009-07-15 22:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-15 22:37 . 2009-07-15 22:37 -------- dc-h--w- c:\windows\ie8
2009-07-15 22:36 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-15 22:36 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-07-15 22:36 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 22:36 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-07-10 20:25 . 2009-07-17 00:51 -------- d-----w- c:\program files\ApproveIt
2009-07-10 20:25 . 2009-07-10 20:25 -------- d-----w- C:\LF30
2009-07-10 20:24 . 2009-07-10 20:24 -------- d-----w- C:\AGMLogs
2009-07-10 20:11 . 2009-07-10 20:11 -------- d-----w- c:\docume~1\Honey\APPLIC~1\PureEdge
2009-07-10 20:11 . 2009-07-10 20:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PureEdge
2009-07-10 20:11 . 2003-02-21 16:44 172032 ----a-w- c:\windows\system32\SSCE5332.dll
2009-07-10 20:11 . 2009-07-10 20:11 -------- d-----w- c:\program files\PureEdge
2009-07-10 20:04 . 2009-07-10 20:04 -------- d-----w- c:\program files\Common Files\ActivIdentity
2009-07-10 20:04 . 2009-07-10 20:04 -------- d-----w- c:\program files\ActivIdentity
2009-07-10 20:02 . 2009-07-10 20:02 -------- d-sh--w- c:\windows\ftpcache
2009-07-10 01:32 . 2009-07-10 01:32 -------- d-----w- c:\documents and settings\Honey\Local Settings\Application Data\Yahoo
2009-07-10 01:30 . 2009-07-10 01:30 262144 ----a-w- C:\ntuser.dat
2009-07-08 04:06 . 2009-07-08 04:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-08 03:54 . 2008-10-27 15:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-07-08 03:52 . 2009-07-08 03:52 -------- d-----w- c:\windows\Logs
2009-07-07 01:15 . 2009-07-17 20:51 -------- d-----w- c:\documents and settings\Honey\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 23:28 . 2005-04-02 19:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-22 20:56 . 2009-02-16 18:02 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-07-22 15:33 . 2004-12-04 23:51 -------- d-----w- c:\program files\Java
2009-07-22 15:22 . 2006-09-30 22:20 -------- d-----w- c:\docume~1\Honey\APPLIC~1\WeatherBug
2009-07-17 00:51 . 2008-06-06 00:25 -------- d-----w- c:\program files\PopCap Games
2009-07-16 04:11 . 2005-09-05 03:34 63088 ----a-w- c:\documents and settings\Honey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-16 02:35 . 2009-02-15 16:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Norton
2009-07-16 02:33 . 2004-12-04 23:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-16 00:09 . 2009-04-04 15:44 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-15 23:30 . 2005-08-09 20:58 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Ulead Systems
2009-07-15 23:30 . 2004-12-04 23:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 23:27 . 2009-02-16 18:08 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-10 20:10 . 2004-12-04 23:52 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-10 01:32 . 2005-08-04 17:34 -------- d--h--r- c:\docume~1\ALLUSE~1\APPLIC~1\yahoo!
2009-07-10 01:30 . 2005-08-04 17:38 -------- d--h--r- c:\docume~1\Honey\APPLIC~1\yahoo!
2009-07-10 01:30 . 2005-01-23 15:24 -------- d-----w- c:\program files\Yahoo!
2009-07-10 01:29 . 2005-09-21 00:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2009-07-08 03:55 . 2009-07-08 03:55 -------- d--h--r- c:\docume~1\Honey\APPLIC~1\SecuROM
2009-06-16 14:36 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 11:41 . 2009-02-16 18:02 -------- d-----w- c:\program files\Google
2009-05-25 05:24 . 2008-05-27 03:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-13 05:15 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 20:12 . 2005-06-18 19:36 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2004-08-04 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2006-09-30 22:27 . 2006-09-30 22:27 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2006-04-07 1343488]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Google Update"="c:\documents and settings\Honey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-02 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-09-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-16 4554752]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-12-21 278528]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"AprvRemoveLegacyWordKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe" [2008-01-18 73728]
"AprvRemoveLegacyExcelKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe" [2008-01-18 73728]
"ApproveItForOfficeSetup"="c:\program files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe" [2008-01-18 155648]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2004-09-16 921600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Honey\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
ApproveIt StartUp.lnk - c:\windows\Installer\{29EB04A2-633C-40BE-9673-12DE7360C04E}\Icon9557F1BC1.ico [2009-7-10 9216]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 21:08 112640 ----a-w- c:\windows\SYSTEM32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 21:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"N360"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPNSVR.EXE"=
"c:\\WINDOWS\\SYSTEM32\\DXDIAG.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Honey\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Honey\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [7/17/2009 12:00 AM 64160]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [7/16/2009 9:02 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 acautoup;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [5/15/2007 4:08 PM 46384]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 4:08 PM 182576]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [7/16/2009 9:02 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
S2 gupdate1c990613a62a7e;Google Update Service (gupdate1c990613a62a7e);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2009 1:04 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\SYSTEM32\DRIVERS\SCR3XX2K.sys [10/18/2007 12:11 AM 56960]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mWindow Title = Microsoft Internet Explorer provided by Comcast
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = cdn
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\docume~1\Honey\APPLIC~1\Mozilla\Firefox\Profiles\nqy0a6qp.default\
FF - plugin: c:\documents and settings\Honey\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Honey\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 19:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
geyekrxotpynky.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrxotpynky.dll
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll

- - - - - - - > 'lsass.exe'(708)
geyekrxotpynky.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrxotpynky.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-07-23 19:47
ComboFix-quarantined-files.txt 2009-07-23 00:47

Pre-Run: 66,891,440,128 bytes free
Post-Run: 66,974,617,600 bytes free

319 --- E O F --- 2009-07-15 22:33
Rorschach112
hi

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.
monkey_05_06
Here's the results of the GMER scan.

****************************************

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-23 08:58:57
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 86DF9080 ZwEnumerateKey
Code 86DB52F8 ZwFlushInstructionCache
Code 86E06296 ZwSaveKey
Code 86E6F00E ZwSaveKeyEx
Code 86EC4ABE IofCallDriver
Code 86CB600E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 86EC4AC3
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 86CB6013
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 86DB52FC
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 86DF9084
PAGE ntkrnlpa.exe!ZwSaveKey 8061BDE4 5 Bytes JMP 86E0629A
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8061BECA 5 Bytes JMP 86E6F012

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[216] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006A000A
.text C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe[388] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006B000A
.text C:\WINDOWS\System32\SCardSvr.exe[396] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\winlogon.exe[640] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0062000A
.text ...
.text C:\WINDOWS\system32\SearchIndexer.exe[2104] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2212] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009A000A
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2744] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D000A
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[2756] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[2868] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D000A
.text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[3028] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AC000A
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\ActivIdentity\ActivClient\acevents.exe [216] 0x00C00000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [236] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\nvsvc32.exe [384] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe [388] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\System32\SCardSvr.exe [396] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [640] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [688] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [700] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\msiexec.exe [704] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [980] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1108] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1148] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\ActivIdentity\ActivClient\acevents.exe [1204] 0x00920000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1228] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\ActivIdentity\ActivClient\acautoup.exe [1244] 0x00AB0000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\ActivIdentity\ActivClient\accoca.exe [1288] 0x003E0000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1340] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\basfipm.exe [1368] 0x00630000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1400] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [1472] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1628] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1680] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\ashServ.exe [1892] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\SearchIndexer.exe [2104] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2212] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2744] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2756] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jusched.exe [2768] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [2868] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [3028] 0x00AA0000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [3192] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [3260] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3304] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\wuauclt.exe [3656] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Documents and Settings\Honey\Desktop\gmer.exe [3792] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\Program Files\iPod\bin\iPodService.exe [3916] 0x10000000

---- EOF - GMER 1.0.15 ----

****************************************

This hidden file "geyekrxotpynky.dll" has given me some problems before. avast! previously detected a problem while starting which said it needed to do a boot-time scan to resolve the issue, however it would never detect it at boot-time, only when manually starting the scanner from the OS.

From there is when I installed Avira AntiVir (no longer installed) to use the rootkit scanner and automatically correct the issues. avast! no longer gave an error, but I wanted to let you know that I've seen reports of this file being infected previously.
Rorschach112
hi

Download SysProt AntiRootkit to your desktop and unzip it to its own folder there.

    Close all open windows and run SysProt.exe
    Click on the Log tab at the far right and check the boxes beside the following :

    • Process
    • SSDT
    • Kernel Hooks
    • Ports
    • Registry


    This will run for a short while and will save the log at C:\SysProtLog.txt

    Click OK at the prompt and close the program. Post the SysProtLog here in your reply.

monkey_05_06
There was no checkbox for Registry but there was one for "Hidden Files". I went ahead and checked that one. If you need me to rescan without that option I can.

****************************************

SysProt AntiRootkit v1.0.1.0
by swatkat

********************************************************************************
**********
********************************************************************************
**********

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\smss.exe
PID: 544
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\csrss.exe
PID: 616
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\winlogon.exe
PID: 640
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\services.exe
PID: 688
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\lsass.exe
PID: 700
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 860
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 980
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1080
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1224
Hidden: No
Window Visible: No

Name: C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PID: 1252
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1312
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1660
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID: 1676
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID: 1828
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\spoolsv.exe
PID: 216
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PID: 300
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\scardsvr.exe
PID: 424
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1072
Hidden: No
Window Visible: No

Name: C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
PID: 1196
Hidden: No
Window Visible: No

Name: C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PID: 1172
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\BAsfIpM.exe
PID: 1368
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 192
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\nvsvc32.exe
PID: 520
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1292
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\searchindexer.exe
PID: 2076
Hidden: No
Window Visible: No

Name: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PID: 2204
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PID: 2588
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PID: 2688
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PID: 2724
Hidden: No
Window Visible: No

Name: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PID: 2732
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 2740
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 2812
Hidden: No
Window Visible: No

Name: C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PID: 3184
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\alg.exe
PID: 3200
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\ctfmon.exe
PID: 3248
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 4048
Hidden: No
Window Visible: No

Name: C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PID: 4060
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\searchprotocolhost.exe
PID: 4752
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\searchfilterhost.exe
PID: 4088
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Honey\Desktop\SysProt\SysProt.exe
PID: 3772
Hidden: No
Window Visible: Yes

********************************************************************************
**********
********************************************************************************
**********
No SSDT Hooks found

********************************************************************************
**********
********************************************************************************
**********
Kernel Hooks:
Hooked Function: ZwSaveKeyEx
At Address: 8061BECA
Jump To: 86EAC9DA
Module Name: _unknown_

Hooked Function: ZwSaveKey
At Address: 8061BDE4
Jump To: 86CFBD1A
Module Name: _unknown_

Hooked Function: ZwFlushInstructionCache
At Address: 805ABEC4
Jump To: 86EAFB64
Module Name: _unknown_

Hooked Function: ZwEnumerateKey
At Address: 8061AB70
Jump To: 86EACAB4
Module Name: _unknown_

Hooked Function: IofCompleteRequest
At Address: 804EE1C0
Jump To: 86DEDAEB
Module Name: _unknown_

Hooked Function: IofCallDriver
At Address: 804EE130
Jump To: 86CFA5FB
Module Name: _unknown_

********************************************************************************
**********
********************************************************************************
**********
Ports:
Local Address: CALVINCOMPUTER:12143
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: CALVINCOMPUTER:12119
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: CALVINCOMPUTER:12110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: CALVINCOMPUTER:12080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: LISTENING

Local Address: CALVINCOMPUTER:12025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: CALVINCOMPUTER:5152
Remote Address: LOCALHOST:2573
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: CALVINCOMPUTER:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: CALVINCOMPUTER:2573
Remote Address: LOCALHOST:5152
Type: TCP
Process: 2932 (PID)
State: FIN_WAIT2

Local Address: CALVINCOMPUTER:2570
Remote Address: LOCALHOST:2569
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CALVINCOMPUTER:2498
Remote Address: LOCALHOST:2497
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CALVINCOMPUTER:1028
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\SYSTEM32\alg.exe
State: LISTENING

Local Address: CALVINCOMPUTER.SATX.RR.COM:2575
Remote Address: GX-IN-F147.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CALVINCOMPUTER.SATX.RR.COM:2516
Remote Address: GY-IN-F113.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CALVINCOMPUTER.SATX.RR.COM:2513
Remote Address: 207.123.37.126:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: LAST_ACK

Local Address: CALVINCOMPUTER.SATX.RR.COM:2512
Remote Address: 207.123.37.126:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: LAST_ACK

Local Address: CALVINCOMPUTER.SATX.RR.COM:2503
Remote Address: YI-IN-F105.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CALVINCOMPUTER.SATX.RR.COM:2119
Remote Address: 213-133-110-21.CLIENTS.YOUR-SERVER.DE:HTTPS
Type: TCP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: CLOSE_WAIT

Local Address: CALVINCOMPUTER.SATX.RR.COM:2118
Remote Address: STATIC.91.213.46.78.CLIENTS.YOUR-SERVER.DE:HTTPS
Type: TCP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: CLOSE_WAIT

Local Address: CALVINCOMPUTER.SATX.RR.COM:1247
Remote Address: A72-246-97-25.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: CLOSE_WAIT

Local Address: CALVINCOMPUTER.SATX.RR.COM:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CALVINCOMPUTER:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CALVINCOMPUTER:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: LISTENING

Local Address: CALVINCOMPUTER:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: CALVINCOMPUTER:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: CALVINCOMPUTER.SATX.RR.COM:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: CALVINCOMPUTER.SATX.RR.COM:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CALVINCOMPUTER.SATX.RR.COM:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CALVINCOMPUTER.SATX.RR.COM:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: CALVINCOMPUTER:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\lsass.exe
State: NA

Local Address: CALVINCOMPUTER:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\lsass.exe
State: NA

Local Address: CALVINCOMPUTER:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

********************************************************************************
**********
********************************************************************************
**********
Hidden files/folders:
Object: C:\Documents and Settings\Honey\Local Settings\Temp\geyekr000
Status: Hidden

Object: C:\Documents and Settings\Honey\Local Settings\Temp\geyekrrmomoysv000
Status: Hidden

Object: C:\Program Files\Alwil Software\Avast4\DATA\moved\geyekrxotpynky.dll.vir
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}
Status: Access denied

Object: C:\WINDOWS\SYSTEM32\DRIVERS\geyekrgdndoyrj.sys
Status: Hidden

Object: C:\WINDOWS\SYSTEM32\geyekrbaeoxjjd.dll
Status: Hidden

Object: C:\WINDOWS\SYSTEM32\geyekrldljgxtp.dat
Status: Hidden

Object: C:\WINDOWS\SYSTEM32\geyekrulqpnrwd.dat
Status: Hidden

Object: C:\WINDOWS\SYSTEM32\geyekrxotpynky.dll
Status: Hidden

Object: C:\WINDOWS\Temp\geyekrexsophblqb.tmp
Status: Hidden

Object: C:\WINDOWS\Temp\geyekrthwhxidyrb.tmp
Status: Hidden

Object: C:\WINDOWS\Temp\geyekrwxrquqsbcj.tmp
Status: Hidden

Object: C:\WINDOWS\Temp\geyekryhdskyvohv.tmp
Status: Hidden
Rorschach112
hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::

Folder::

Registry::


Rootkit::
C:\Documents and Settings\Honey\Local Settings\Temp\geyekr000
C:\Documents and Settings\Honey\Local Settings\Temp\geyekrrmomoysv000
C:\WINDOWS\SYSTEM32\DRIVERS\geyekrgdndoyrj.sys
C:\WINDOWS\SYSTEM32\geyekrbaeoxjjd.dll
C:\WINDOWS\SYSTEM32\geyekrldljgxtp.dat
C:\WINDOWS\SYSTEM32\geyekrulqpnrwd.dat
C:\WINDOWS\SYSTEM32\geyekrxotpynky.dll
C:\WINDOWS\Temp\geyekrexsophblqb.tmp
C:\WINDOWS\Temp\geyekrthwhxidyrb.tmp
C:\WINDOWS\Temp\geyekrwxrquqsbcj.tmp
C:\WINDOWS\Temp\geyekryhdskyvohv.tmp

Driver::
geyekrgdndoyrj
KillAll::


Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
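The three posts above show the same compromise from three angles: GMER reports one hidden DLL mapped into nearly every process plus inline JMP hooks on six kernel functions, SysProt reports the same hooked functions with the module that owns the jump target marked `_unknown_` and lists the hidden `geyekr*` files, and the helper then turns that file list into the `Rootkit::` and `Driver::` sections of a CFScript. As an added example (not code from the thread, GMER, SysProt or ComboFix), the script below parses constructed excerpts in the two log formats, cross-checks the kernel hooks between the two tools so that a hook reported by only one scanner is kept as unconfirmed (the false-positive caution the helper gives for GMER), and renders the hidden objects in the CFScript layout used in the helper's post. The CFScript directive set and layout are assumed from that post alone; the sample log lines and the `_unknown_` cross-check rule are the author's constructions.

```python
import re
from collections import defaultdict

# Constructed excerpts in the format of the GMER and SysProt logs posted in this
# thread (a handful of lines, not the full logs); GMER deliberately lacks the
# ZwSaveKeyEx hook so that one SysProt hook stays "unconfirmed".
GMER_SAMPLE = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 86EC4AC3
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 86DF9084

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [640] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [700] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxotpynky.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1628] 0x10000000
"""

SYSPROT_SAMPLE = r"""
Kernel Hooks:
Hooked Function: ZwSaveKeyEx
At Address: 8061BECA
Jump To: 86EAC9DA
Module Name: _unknown_

Hooked Function: ZwEnumerateKey
At Address: 8061AB70
Jump To: 86EACAB4
Module Name: _unknown_

Hooked Function: IofCallDriver
At Address: 804EE130
Jump To: 86CFA5FB
Module Name: _unknown_

Hidden files/folders:
Object: C:\WINDOWS\SYSTEM32\DRIVERS\geyekrgdndoyrj.sys
Status: Hidden

Object: C:\WINDOWS\SYSTEM32\geyekrxotpynky.dll
Status: Hidden

Object: C:\System Volume Information\tracking.log
Status: Access denied
"""

# GMER: "Library <path> (*** hidden *** ) @ <process> [<pid>] 0x<base>"
LIB_RE = re.compile(r"^Library (\S+) \(\*\*\* hidden \*\*\* \) @ (.+?) \[(\d+)\] 0x[0-9A-Fa-f]+$")
# GMER kernel code section: ".text|PAGE <module>!<func> <addr> <n> Bytes JMP <target>"
KHOOK_RE = re.compile(r"^(?:\.text|PAGE) (\S+)!(\w+) ([0-9A-F]+) \d+ Bytes JMP ([0-9A-F]+)$")
# SysProt: four-line hook records and two-line object records
SYS_HOOK_RE = re.compile(r"Hooked Function: (\S+)\nAt Address: (\S+)\nJump To: (\S+)\nModule Name: (\S+)")
SYS_OBJ_RE = re.compile(r"Object: (.+)\nStatus: (.+)")


def parse_gmer(text):
    """Return (hidden_libs, kernel_hooks) from a GMER log.

    hidden_libs maps each hidden module path to the (process, pid) pairs it is
    loaded into; kernel_hooks lists every inline JMP in a kernel code section."""
    hidden, hooks = defaultdict(list), []
    for line in text.splitlines():
        m = LIB_RE.match(line)
        if m:
            hidden[m.group(1)].append((m.group(2), int(m.group(3))))
            continue
        m = KHOOK_RE.match(line)
        if m:
            hooks.append({"module": m.group(1), "function": m.group(2),
                          "address": m.group(3), "jump_to": m.group(4)})
    return dict(hidden), hooks


def parse_sysprot(text):
    """Return (kernel_hooks, hidden_objects) from a SysProt log.

    Only objects whose Status is exactly 'Hidden' are kept; 'Access denied' on
    System Volume Information is normal for a non-SYSTEM scanner and is skipped."""
    hooks = [{"function": f, "address": a, "jump_to": j, "module": mod}
             for f, a, j, mod in SYS_HOOK_RE.findall(text)]
    hidden = [obj.strip() for obj, status in SYS_OBJ_RE.findall(text)
              if status.strip() == "Hidden"]
    return hooks, hidden


def assess(gmer_text, sysprot_text):
    """Cross-check both scanners and return (kind, subject, detail) findings.

    A kernel hook is 'confirmed' only when GMER also reports the function as
    hooked and SysProt cannot attribute the jump target to any loaded module;
    anything seen by one tool alone stays 'unconfirmed' (possible false positive)."""
    hidden_libs, gmer_hooks = parse_gmer(gmer_text)
    sys_hooks, hidden_objs = parse_sysprot(sysprot_text)
    findings = [("hidden_library", lib, len(procs)) for lib, procs in hidden_libs.items()]
    gmer_funcs = {h["function"] for h in gmer_hooks}
    for h in sys_hooks:
        confirmed = h["function"] in gmer_funcs and h["module"] == "_unknown_"
        findings.append(("kernel_hook", h["function"], "confirmed" if confirmed else "unconfirmed"))
    findings += [("hidden_object", obj, "Hidden") for obj in hidden_objs]
    return findings


def build_cfscript(hidden_objs):
    """Render hidden objects in the CFScript layout used in the helper's post.

    Every hidden object goes under Rootkit::; a hidden .sys in a DRIVERS directory
    also gets its service name (file name without .sys) under Driver::. The
    directive set and layout are assumed from the post above, nothing more."""
    drivers = [obj.rsplit("\\", 1)[-1][:-4] for obj in hidden_objs
               if obj.lower().endswith(".sys") and "\\drivers\\" in obj.lower()]
    lines = ["File::", "", "Folder::", "", "Registry::", "", "", "Rootkit::"]
    lines += hidden_objs
    lines += ["", "Driver::"] + drivers + ["KillAll::", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    for finding in assess(GMER_SAMPLE, SYSPROT_SAMPLE):
        print(finding)
    print(build_cfscript(parse_sysprot(SYSPROT_SAMPLE)[1]))
```

Running it lists the hidden DLL with the number of processes it is mapped into, marks ZwEnumerateKey and IofCallDriver as confirmed hooks and ZwSaveKeyEx as unconfirmed, and prints a CFScript whose Rootkit:: section holds the two hidden files and whose Driver:: section holds `geyekrgdndoyrj`, which is exactly the transformation the helper performed by hand.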

monkey_05_06
Here's the latest ComboFix log, run with the CFScript.txt as you said.

****************************************

ComboFix 09-07-23.04 - Honey 07/24/2009 9:32.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.556 [GMT -5:00]
Running from: c:\documents and settings\Honey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Honey\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090724-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 )))))))))))))))))))))))))))))))
.

2009-07-22 23:01 . 2009-07-22 23:20 -------- d-----w- c:\program files\A+ Complete Ebook
2009-07-22 15:33 . 2009-07-22 15:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 15:33 . 2009-07-22 15:33 152576 ----a-w- c:\documents and settings\Honey\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-21 22:32 . 2009-07-21 22:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-21 22:32 . 2009-07-21 22:32 -------- d-----w- c:\program files\Telltale Games
2009-07-21 18:57 . 2009-07-21 18:57 -------- d-----w- c:\documents and settings\Honey\Application Data\Windows Search
2009-07-21 18:48 . 2009-07-21 18:48 -------- d-----w- c:\windows\system32\Adobe
2009-07-20 19:55 . 2009-07-20 19:55 -------- d-----w- c:\program files\ERUNT
2009-07-20 19:32 . 2009-07-20 19:32 -------- d-----w- c:\program files\Recuva
2009-07-19 03:00 . 2008-12-04 06:25 120832 ----a-w- c:\documents and settings\Honey\Application Data\Mozilla\Firefox\Profiles\nqy0a6qp.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-07-18 07:53 . 2009-07-18 07:53 -------- d-----w- c:\program files\CCleaner
2009-07-18 06:55 . 2009-07-24 14:47 117760 ----a-w- c:\documents and settings\Honey\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-18 06:54 . 2009-07-18 06:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2009-07-18 06:54 . 2009-07-18 06:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-18 06:54 . 2009-07-18 06:54 -------- d-----w- c:\documents and settings\Honey\Application Data\SUPERAntiSpyware.com
2009-07-18 06:54 . 2009-07-18 06:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-17 05:27 . 2009-07-17 05:45 -------- d-s---w- C:\Combo-Fix
2009-07-17 05:00 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-17 05:00 . 2009-07-17 05:00 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-17 05:00 . 2009-07-17 05:00 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-17 05:00 . 2009-07-17 05:00 -------- d-----w- c:\program files\Lavasoft
2009-07-17 04:30 . 2009-07-18 07:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-17 04:30 . 2009-07-17 04:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 04:00 . 2009-07-17 04:00 -------- d-----w- c:\documents and settings\Honey\Application Data\Malwarebytes
2009-07-17 03:59 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 03:59 . 2009-07-22 15:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 03:59 . 2009-07-17 03:59 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-17 03:59 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 02:02 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-17 02:02 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-17 02:02 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-17 02:02 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-17 02:02 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-17 02:02 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-17 02:02 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-17 02:02 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-17 02:01 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-17 00:49 . 2005-10-14 19:45 135168 ----a-w- c:\windows\system32\igfxres.dll
2009-07-16 22:48 . 2009-03-24 21:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-16 19:30 . 2009-07-18 04:48 -------- d-----w- C:\Sega
2009-07-16 19:29 . 2009-07-16 19:29 -------- d-----w- c:\documents and settings\Honey\WINDOWS
2009-07-16 04:38 . 2009-07-23 19:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-07-16 04:12 . 2009-07-23 15:12 -------- d-----w- c:\documents and settings\Honey\Tracing
2009-07-16 04:11 . 2009-07-16 04:11 -------- d-----w- c:\program files\Microsoft
2009-07-16 04:10 . 2009-07-16 04:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-16 04:10 . 2009-07-16 04:11 -------- d-----w- c:\program files\Windows Live
2009-07-16 04:08 . 2009-07-16 04:08 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-16 04:07 . 2009-07-16 04:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-16 04:07 . 2009-07-16 04:07 -------- d-----w- c:\documents and settings\Honey\Application Data\Windows Desktop Search
2009-07-16 04:07 . 2009-07-16 04:19 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-16 04:07 . 2009-07-16 04:07 -------- d-----w- c:\windows\system32\GroupPolicy
2009-07-16 04:06 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2009-07-16 04:06 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2009-07-16 04:06 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2009-07-16 04:06 . 2009-07-17 00:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-16 04:04 . 2009-07-16 04:05 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-16 04:04 . 2009-07-16 04:04 -------- d-----w- c:\windows\system32\LogFiles
2009-07-16 00:33 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-16 00:33 . 2009-07-16 00:33 -------- d-----w- c:\program files\Alwil Software
2009-07-15 22:52 . 2009-07-15 22:52 0 ----a-w- c:\windows\nsreg.dat
2009-07-15 22:52 . 2009-07-15 22:52 -------- d-----w- c:\documents and settings\Honey\Local Settings\Application Data\Mozilla
2009-07-15 22:40 . 2009-07-15 22:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-15 22:37 . 2009-07-15 22:37 -------- dc-h--w- c:\windows\ie8
2009-07-15 22:36 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-15 22:36 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-07-15 22:36 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 22:36 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-07-10 20:25 . 2009-07-17 00:51 -------- d-----w- c:\program files\ApproveIt
2009-07-10 20:25 . 2009-07-10 20:25 -------- d-----w- C:\LF30
2009-07-10 20:24 . 2009-07-10 20:24 -------- d-----w- C:\AGMLogs
2009-07-10 20:11 . 2009-07-10 20:11 -------- d-----w- c:\documents and settings\Honey\Application Data\PureEdge
2009-07-10 20:11 . 2009-07-10 20:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PureEdge
2009-07-10 20:11 . 2003-02-21 16:44 172032 ----a-w- c:\windows\system32\SSCE5332.dll
2009-07-10 20:11 . 2009-07-10 20:11 -------- d-----w- c:\program files\PureEdge
2009-07-10 20:04 . 2009-07-10 20:04 -------- d-----w- c:\program files\Common Files\ActivIdentity
2009-07-10 20:04 . 2009-07-10 20:04 -------- d-----w- c:\program files\ActivIdentity
2009-07-10 20:02 . 2009-07-10 20:02 -------- d-sh--w- c:\windows\ftpcache
2009-07-10 01:32 . 2009-07-10 01:32 -------- d-----w- c:\documents and settings\Honey\Local Settings\Application Data\Yahoo
2009-07-10 01:30 . 2009-07-10 01:30 262144 ----a-w- C:\ntuser.dat
2009-07-08 04:06 . 2009-07-08 04:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-08 03:54 . 2008-10-27 15:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-07-08 03:52 . 2009-07-08 03:52 -------- d-----w- c:\windows\Logs
2009-07-07 01:15 . 2009-07-17 20:51 -------- d-----w- c:\documents and settings\Honey\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 22:11 . 2009-02-16 18:02 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-07-23 15:08 . 2009-02-16 15:54 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-22 23:28 . 2005-04-02 19:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-22 15:33 . 2004-12-04 23:51 -------- d-----w- c:\program files\Java
2009-07-22 15:22 . 2006-09-30 22:20 -------- d-----w- c:\documents and settings\Honey\Application Data\WeatherBug
2009-07-17 00:51 . 2008-06-06 00:25 -------- d-----w- c:\program files\PopCap Games
2009-07-16 04:11 . 2005-09-05 03:34 63088 ----a-w- c:\documents and settings\Honey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-16 02:35 . 2009-02-15 16:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Norton
2009-07-16 02:33 . 2004-12-04 23:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-16 00:09 . 2009-04-04 15:44 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-15 23:30 . 2005-08-09 20:58 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Ulead Systems
2009-07-15 23:30 . 2004-12-04 23:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 23:27 . 2009-02-16 18:08 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-10 20:10 . 2004-12-04 23:52 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-10 01:32 . 2005-08-04 17:34 -------- d--h--r- c:\docume~1\ALLUSE~1\APPLIC~1\yahoo!
2009-07-10 01:30 . 2005-08-04 17:38 -------- d--h--r- c:\documents and settings\Honey\Application Data\yahoo!
2009-07-10 01:30 . 2005-01-23 15:24 -------- d-----w- c:\program files\Yahoo!
2009-07-10 01:29 . 2005-09-21 00:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2009-07-08 03:55 . 2009-07-08 03:55 -------- d--h--r- c:\documents and settings\Honey\Application Data\SecuROM
2009-06-22 20:23 . 2009-06-22 20:23 239088 ----a-w- c:\documents and settings\Honey\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-16 14:36 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 11:41 . 2009-02-16 18:02 -------- d-----w- c:\program files\Google
2009-05-25 05:24 . 2008-05-27 03:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-13 05:15 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 20:12 . 2005-06-18 19:36 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2004-08-04 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2006-09-30 22:27 . 2006-09-30 22:27 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-23_00.43.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-24 14:45 . 2009-07-24 14:45 16384 c:\windows\Temp\Perflib_Perfdata_62c.dat
+ 2009-07-24 14:45 . 2009-07-24 14:45 16384 c:\windows\Temp\Perflib_Perfdata_578.dat
- 2005-01-09 17:10 . 2009-07-23 00:30 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-01-09 17:10 . 2009-07-24 14:29 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-01-09 17:10 . 2009-07-24 14:29 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-01-09 17:10 . 2009-07-23 00:30 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-01-09 17:10 . 2009-07-23 00:30 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2005-01-09 17:10 . 2009-07-24 14:29 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2009-07-15 22:40 . 2009-07-23 00:30 245760 c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache\index.dat
+ 2009-07-15 22:40 . 2009-07-24 14:29 245760 c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache\index.dat
+ 2009-07-24 13:46 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\7-24-2009\ERDNT.EXE
+ 2009-07-23 13:52 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\7-23-2009\ERDNT.EXE
+ 2009-07-23 13:53 . 2009-07-23 13:53 15706112 c:\windows\Installer\2db28.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2006-04-07 1343488]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Google Update"="c:\documents and settings\Honey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-02 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-09-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-16 4554752]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-12-21 278528]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"AprvRemoveLegacyWordKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe" [2008-01-18 73728]
"AprvRemoveLegacyExcelKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe" [2008-01-18 73728]
"ApproveItForOfficeSetup"="c:\program files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe" [2008-01-18 155648]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2004-09-16 921600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Honey\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
ApproveIt StartUp.lnk - c:\windows\Installer\{29EB04A2-633C-40BE-9673-12DE7360C04E}\Icon9557F1BC1.ico [2009-7-10 9216]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 21:08 112640 ----a-w- c:\windows\SYSTEM32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 21:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"N360"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPNSVR.EXE"=
"c:\\WINDOWS\\SYSTEM32\\DXDIAG.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Honey\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Honey\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [7/17/2009 12:00 AM 64160]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [7/16/2009 9:02 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 acautoup;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [5/15/2007 4:08 PM 46384]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 4:08 PM 182576]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [7/16/2009 9:02 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S2 gupdate1c990613a62a7e;Google Update Service (gupdate1c990613a62a7e);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2009 1:04 PM 133104]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\SYSTEM32\DRIVERS\SCR3XX2K.sys [10/18/2007 12:11 AM 56960]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mWindow Title = Microsoft Internet Explorer provided by Comcast
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = cdn
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\docume~1\Honey\APPLIC~1\Mozilla\Firefox\Profiles\nqy0a6qp.default\
FF - plugin: c:\documents and settings\Honey\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Honey\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\documents and settings\Honey\My Documents\Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\documents and settings\Honey\My Documents\Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-24 09:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\Perflib_Perfdata_d24.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-80496231-3960135244-1515697187-1005\Software\SecuROM\License information*]
"datasecu"=hex:35,91,eb,a9,c0,a3,f2,6c,ed,0e,f1,81,1f,04,3e,ff,9f,1f,1f,b0,0b,
ef,4c,7e,ec,e3,31,8c,be,04,e5,f7,cf,13,7f,9a,c0,25,7a,09,98,8a,5f,99,86,ba,\
"rkeysecu"=hex:83,98,1d,6f,4a,f3,39,d5,2a,58,38,8e,1d,6b,7f,7b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll

- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\SYSTEM32\scardsvr.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\SYSTEM32\BAsfIpM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\searchprotocolhost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\SYSTEM32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-07-24 9:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-24 14:51
ComboFix2.txt 2009-07-23 00:47

Pre-Run: 66,926,223,360 bytes free
Post-Run: 66,895,360,000 bytes free

376 --- E O F --- 2009-07-23 13:54
Rorschach112
update MBAM, run a quick scan, post that log

open OTL, click Quick Scan, post that log
monkey_05_06
Here are the requested logs. Sorry if you wanted minimal output from OTL; you didn't specify, so I didn't change any of the settings, I just clicked Quick Scan.

****************************************

Malwarebytes' Anti-Malware 1.39
Database version: 2498
Windows 5.1.2600 Service Pack 3

7/25/2009 1:19:00 AM
mbam-log-2009-07-25 (01-19-00).txt

Scan type: Quick Scan
Objects scanned: 93999
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

****************************************

OTL logfile created on: 7/25/2009 1:22:42 AM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\Honey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 530.83 Mb Available Physical Memory | 52.35% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 75.81% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 62.24 Gb Free Space | 83.60% Space Free | Partition Type: NTFS
Drive D: | 98.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CALVINCOMPUTER
Current User Name: Honey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/03 09:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2007/05/15 16:08:38 | 00,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/07/06 20:09:19 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2007/05/15 16:08:38 | 00,046,384 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
PRC - [2007/05/15 16:08:40 | 00,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2009/02/05 15:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/02/23 08:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2004/04/01 19:05:48 | 00,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\System32\basfipm.exe
PRC - [2009/07/22 10:33:29 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/02/01 19:58:29 | 00,155,648 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2009/07/22 10:33:29 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2004/09/16 15:39:16 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/12/20 21:54:48 | 00,278,528 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/08/16 09:56:42 | 00,339,968 | ---- | M] () -- C:\Program Files\AGEIA Technologies\TrayIcon.exe
PRC - [2007/05/15 16:08:08 | 00,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/06/23 11:01:38 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2006/04/07 15:02:24 | 01,343,488 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2007/05/15 16:08:38 | 00,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/15 16:08:00 | 00,130,864 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2004/08/04 06:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2005/12/20 21:54:34 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/03 09:49:06 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2005/10/14 14:46:24 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2009/07/25 01:22:09 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Honey\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/05/15 16:08:38 | 00,046,384 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acautoup.exe -- (acautoup [Auto | Running])
SRV - [2007/05/15 16:08:40 | 00,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2004/04/01 19:05:48 | 00,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\System32\basfipm.exe -- (BAsfIpM [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/16 13:04:19 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c990613a62a7e [Auto | Stopped])
SRV - [2009/04/01 16:07:52 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2005/12/20 21:54:34 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService [On_Demand | Running])
SRV - [2009/07/22 10:33:29 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/03 09:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2004/09/16 15:39:16 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 85 9A 94 5E 90 C9 01 [binary data]
IE - URLSearchHook: - Reg Error: Key error. File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/15 18:03:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/22 10:33:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Documents and Settings\Honey\My Documents\Firefox\components [2009/07/18 22:08:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Documents and Settings\Honey\My Documents\Firefox\plugins [2009/07/22 18:29:06 | 00,000,000 | ---D | M]

[2009/07/15 17:52:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\mozilla\Extensions
[2009/07/15 17:52:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/25 00:56:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\mozilla\Firefox\Profiles\nqy0a6qp.default\extensions
[2009/07/15 18:14:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\mozilla\Firefox\Profiles\nqy0a6qp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/18 22:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\mozilla\Firefox\Profiles\nqy0a6qp.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
O4 - HKLM..\Run: [ApproveItForOfficeSetup] C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe (Silanis Technology Inc.)
O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Honey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk = C:\WINDOWS\Installer\{29EB04A2-633C-40BE-9673-12DE7360C04E}\Icon9557F1BC1.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Honey\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/02/16 12:59:10 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/02/16 12:59:10 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/02/16 12:59:10 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/02/16 12:59:10 | 00,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1234799743843 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.93.41.127 24.93.41.128
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\System32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/09/24 17:36:06 | 00,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/p) - File not found
O34 - HKLM BootExecute: (\??\C:) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[1 C:\Documents and Settings\Honey\My Documents\*.tmp files]
[2009/07/25 01:22:07 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Honey\Desktop\OTL.exe
[2009/07/23 14:50:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\Desktop\SysProt
[2009/07/22 19:27:03 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/22 19:27:03 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/22 19:27:03 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/22 19:27:03 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/22 19:27:03 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/22 19:27:03 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/22 19:27:03 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/22 19:26:17 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/22 19:24:47 | 03,150,548 | R--- | C] () -- C:\Documents and Settings\Honey\Desktop\ComboFix.exe
[2009/07/22 18:29:06 | 00,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/07/22 18:01:09 | 00,000,000 | ---D | C] -- C:\Program Files\A+ Complete Ebook
[2009/07/22 10:23:23 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/22 10:18:36 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Honey\Desktop\TFC.exe
[2009/07/21 17:32:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\My Documents\Telltale Games
[2009/07/21 17:32:36 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/07/21 17:32:28 | 00,001,146 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Episode 1 - Homestar Ruiner.lnk
[2009/07/21 17:32:26 | 00,000,000 | ---D | C] -- C:\Program Files\Telltale Games
[2009/07/21 13:57:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\Application Data\Windows Search
[2009/07/21 13:48:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/07/20 19:11:37 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/07/20 19:11:37 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/07/20 16:54:08 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Honey\Desktop\settings.dat
[2009/07/20 14:55:15 | 00,000,809 | ---- | C] () -- C:\Documents and Settings\Honey\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/20 14:55:08 | 00,000,653 | ---- | C] () -- C:\Documents and Settings\Honey\Desktop\NTREGOPT.lnk
[2009/07/20 14:55:08 | 00,000,634 | ---- | C] () -- C:\Documents and Settings\Honey\Desktop\ERUNT.lnk
[2009/07/20 14:55:08 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/20 14:54:14 | 00,023,356 | ---- | C] () -- C:\WINDOWS\System32\AAWService_2009_07_20_14_54_14.dmp
[2009/07/20 14:32:39 | 00,000,000 | ---D | C] -- C:\Program Files\Recuva
[2009/07/18 22:36:18 | 00,004,298 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_223616.reg
[2009/07/18 22:29:15 | 10,633,99424 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/18 04:03:29 | 00,001,032 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_040328.reg
[2009/07/18 03:00:21 | 00,002,427 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
[2009/07/18 03:00:21 | 00,001,947 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
[2009/07/18 03:00:21 | 00,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/07/18 02:57:21 | 00,000,790 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025719.reg
[2009/07/18 02:57:08 | 00,000,430 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025706.reg
[2009/07/18 02:56:53 | 00,045,664 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025651.reg
[2009/07/18 02:54:57 | 00,893,698 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025454.reg
[2009/07/18 02:53:11 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/07/18 01:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/07/18 01:54:38 | 00,000,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/18 01:54:36 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/18 01:54:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\Application Data\SUPERAntiSpyware.com
[2009/07/18 01:54:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/07/17 00:42:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/17 00:29:47 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/07/17 00:29:42 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/17 00:29:40 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/17 00:27:40 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/17 00:27:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/17 00:27:12 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/07/17 00:01:09 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/17 00:00:56 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/07/17 00:00:13 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/07/17 00:00:12 | 00,000,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/07/17 00:00:05 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/07/17 00:00:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/07/16 23:30:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/16 23:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/07/16 23:00:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\Application Data\Malwarebytes
[2009/07/16 22:59:54 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/16 22:59:53 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/16 22:59:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/16 22:59:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/16 21:02:10 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/07/16 21:02:10 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/16 21:02:08 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/07/16 21:02:07 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/07/16 21:02:05 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/07/16 21:02:04 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/07/16 21:02:04 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/07/16 21:02:04 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/07/16 21:02:04 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/07/16 21:01:44 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/07/16 21:01:44 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/07/16 17:48:24 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/07/16 14:30:00 | 00,000,000 | ---D | C] -- C:\Sega
[2009/07/15 23:12:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2009/07/15 23:11:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/07/15 23:11:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/07/15 23:10:53 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/07/15 23:10:26 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/07/15 23:08:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/07/15 23:07:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\Application Data\Windows Desktop Search
[2009/07/15 23:07:17 | 00,001,829 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/07/15 23:07:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/07/15 23:07:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/07/15 23:06:05 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/07/15 23:04:25 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/07/15 23:04:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/07/15 23:04:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/07/15 19:33:28 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/15 18:51:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/07/15 17:52:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/15 17:52:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\Local Settings\Application Data\Mozilla
[2009/07/15 17:50:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\My Documents\Firefox
[2009/07/15 17:48:31 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/07/15 17:37:38 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/15 12:35:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\My Documents\tiff and britts stuff
[2009/07/14 17:04:41 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\Raven.doc
[2009/07/14 12:23:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\My Documents\AGS
[2009/07/12 21:39:46 | 00,469,504 | ---- | C] ( ) -- C:\Documents and Settings\Honey\Desktop\RootRepeal.exe
[2009/07/11 22:59:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\My Documents\My Saved Games
[2009/07/11 22:58:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Honey\My Documents\Heed
[2009/07/11 22:55:35 | 12,504,169 | ---- | C] () -- C:\Documents and Settings\Honey\My Documents\Heed Beta.zip

========== Files - Modified Within 14 Days ==========

[1 C:\Documents and Settings\Honey\My Documents\*.tmp files]
[2009/07/25 01:22:09 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Honey\Desktop\OTL.exe
[2009/07/25 01:15:01 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-80496231-3960135244-1515697187-1005UA.job
[2009/07/25 01:14:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/24 20:15:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-80496231-3960135244-1515697187-1005Core.job
[2009/07/24 20:14:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/24 18:12:31 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/07/24 09:47:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/24 09:46:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/07/24 09:46:04 | 00,002,427 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
[2009/07/24 09:45:51 | 00,004,626 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/24 09:45:16 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/07/24 09:45:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/24 09:44:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/07/24 09:44:39 | 10,633,99424 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/24 09:24:29 | 03,150,548 | R--- | M] () -- C:\Documents and Settings\Honey\Desktop\ComboFix.exe
[2009/07/24 00:00:22 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/23 08:54:56 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Honey\Desktop\gmer.exe
[2009/07/22 18:29:36 | 02,554,118 | -H-- | M] () -- C:\Documents and Settings\Honey\Local Settings\Application Data\IconCache.db
[2009/07/22 18:29:06 | 00,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/07/22 10:23:23 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/22 10:18:41 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Honey\Desktop\TFC.exe
[2009/07/21 19:19:05 | 00,469,504 | ---- | M] ( ) -- C:\Documents and Settings\Honey\Desktop\RootRepeal.exe
[2009/07/21 17:32:36 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/07/21 17:32:28 | 00,001,146 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Episode 1 - Homestar Ruiner.lnk
[2009/07/20 19:11:37 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/07/20 19:11:37 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/07/20 16:54:08 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Honey\Desktop\settings.dat
[2009/07/20 14:55:15 | 00,000,809 | ---- | M] () -- C:\Documents and Settings\Honey\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/20 14:55:08 | 00,000,653 | ---- | M] () -- C:\Documents and Settings\Honey\Desktop\NTREGOPT.lnk
[2009/07/20 14:55:08 | 00,000,634 | ---- | M] () -- C:\Documents and Settings\Honey\Desktop\ERUNT.lnk
[2009/07/20 14:54:15 | 00,023,356 | ---- | M] () -- C:\WINDOWS\System32\AAWService_2009_07_20_14_54_14.dmp
[2009/07/18 22:36:21 | 00,004,298 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_223616.reg
[2009/07/18 22:06:13 | 00,243,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/18 04:03:36 | 00,001,032 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_040328.reg
[2009/07/18 03:00:27 | 00,000,603 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/07/18 03:00:27 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/07/18 02:57:22 | 00,000,790 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025719.reg
[2009/07/18 02:57:10 | 00,000,430 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025706.reg
[2009/07/18 02:56:56 | 00,045,664 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025651.reg
[2009/07/18 02:55:05 | 00,893,698 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\cc_20090718_025454.reg
[2009/07/18 01:54:38 | 00,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/17 00:00:12 | 00,000,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/07/16 21:02:10 | 00,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/16 21:02:04 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/16 17:11:59 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/07/15 23:11:53 | 00,063,088 | ---- | M] () -- C:\Documents and Settings\Honey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/15 23:07:17 | 00,001,829 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/07/15 23:07:14 | 00,545,364 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/15 23:07:14 | 00,463,510 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/07/15 23:07:14 | 00,078,786 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/07/15 23:06:20 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/07/15 23:06:20 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/07/15 23:04:25 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/07/15 17:52:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/07/15 16:09:02 | 00,000,151 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[2009/07/15 11:31:56 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\Raven.doc
[2009/07/13 23:07:23 | 00,509,952 | ---- | M] () -- C:\Documents and Settings\Honey\Desktop\(Tiffany's) Just Keep Moving Forward.doc
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/11 22:55:36 | 12,504,169 | ---- | M] () -- C:\Documents and Settings\Honey\My Documents\Heed Beta.zip

========== LOP Check ==========

[2009/07/22 18:30:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/15 19:09:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/07/17 00:00:13 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2008/12/03 20:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2006/02/10 17:53:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/07/15 21:35:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/04/04 10:42:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/02/06 19:01:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/04/04 10:04:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/07/10 15:11:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2004/12/04 18:32:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2005/01/24 10:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/12/05 18:00:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/07/15 18:27:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/07/21 20:18:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/07/15 18:30:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/07/21 13:57:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Honey\Application Data
[2005/07/22 13:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\4200Series
[2006/11/22 18:21:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\AngoToolbarzay
[2006/02/10 17:55:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\Intuit
[2005/07/27 12:58:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\Leadertech
[2009/07/10 15:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\PureEdge
[2009/07/07 22:55:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Honey\Application Data\SecuROM
[2005/12/04 16:16:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\teamspeak2
[2005/08/09 16:08:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\Ulead Systems
[2009/07/22 10:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\WeatherBug
[2009/07/15 23:07:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\Windows Desktop Search
[2009/07/21 13:57:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Honey\Application Data\Windows Search
[2009/07/24 00:00:22 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/07/24 18:12:31 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/07/24 20:14:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/07/25 01:14:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/07/24 20:15:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-80496231-3960135244-1515697187-1005Core.job
[2009/07/25 01:15:01 | 00,000,978 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-80496231-3960135244-1515697187-1005UA.job
[2009/07/24 09:45:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

****************************************

OTL Extras logfile created on: 7/25/2009 1:22:42 AM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\Honey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 530.83 Mb Available Physical Memory | 52.35% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 75.81% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 62.24 Gb Free Space | 83.60% Space Free | Partition Type: NTFS
Drive D: | 98.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CALVINCOMPUTER
Current User Name: Honey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\DPNSVR.EXE" = C:\WINDOWS\SYSTEM32\DPNSVR.EXE:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\DXDIAG.EXE" = C:\WINDOWS\SYSTEM32\DXDIAG.EXE:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\Honey\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Honey\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Honey\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Honey\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1535DCC2-6EB2-4FAC-9ABB-C3DC939BB87A}" = Chicken Hunter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{29EB04A2-633C-40BE-9673-12DE7360C04E}" = ApproveIt Desktop 5.9
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{496912F4-0DF6-4288-92C9-7B5AF0A21699}" = City Game Tracker
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"{55D1E12B-7812-40E5-A3D8-B7B8572A4501}" = MapPack
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient CAC 6.1 x86
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F6B1D53B-2A68-377D-AC39-C8FD359FF6F1}" = Google Talk Plugin
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AGEIA PhysX v2.5.1" = AGEIA PhysX v2.5.1
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"Chuzzle Deluxe 1.01" = Chuzzle Deluxe 1.01
"Episode 1 - Homestar Ruiner" = Strong Bad - Strong Bad Episode 1 - Homestar Ruiner
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly 3" = Monopoly 3 (remove only)
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RealArcade 1.2" = RealArcade
"Recuva" = Recuva (remove only)
"Sega Smash Pack" = Sega Smash Pack
"Sega Smash Pack II" = Sega Smash Pack II
"V5385 Digital Camera Driver" = V5385 Digital Camera Driver
"WeatherBug" = WeatherBug
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/15/2009 9:44:09 PM | Computer Name = CALVINCOMPUTER | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 7/16/2009 9:18:40 PM | Computer Name = CALVINCOMPUTER | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 7/16/2009 11:24:03 PM | Computer Name = CALVINCOMPUTER | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 7/18/2009 5:04:06 AM | Computer Name = CALVINCOMPUTER | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 7/20/2009 4:12:52 PM | Computer Name = CALVINCOMPUTER | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

[ Application Events ]
Error - 7/24/2009 10:25:23 AM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\DUMPHIVE.CFEXE> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 7/24/2009 10:25:23 AM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\DUMPHIVE.CFEXE> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 7/24/2009 10:25:23 AM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\ERUNT.CFEXE> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 7/24/2009 10:25:23 AM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\ERUNT.CFEXE> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 7/24/2009 10:25:23 AM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\EXTRACT.CFEXE> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 7/24/2009 10:25:23 AM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\EXTRACT.CFEXE> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 7/24/2009 10:25:23 AM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\GREP.CFEXE> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 7/24/2009 10:25:23 AM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\GREP.CFEXE> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 7/24/2009 10:25:23 AM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\GSAR.CFEXE> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 7/24/2009 10:25:23 AM | Computer Name = CALVINCOMPUTER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\GSAR.CFEXE> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

[ System Events ]
Error - 7/22/2009 8:28:48 PM | Computer Name = CALVINCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/22/2009 8:31:15 PM | Computer Name = CALVINCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 7/22/2009 8:32:13 PM | Computer Name = CALVINCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/22/2009 8:43:27 PM | Computer Name = CALVINCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/22/2009 8:43:29 PM | Computer Name = CALVINCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/24/2009 10:27:54 AM | Computer Name = CALVINCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/24/2009 10:30:23 AM | Computer Name = CALVINCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 7/24/2009 10:31:24 AM | Computer Name = CALVINCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/24/2009 10:43:13 AM | Computer Name = CALVINCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/24/2009 10:46:33 AM | Computer Name = CALVINCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.


< End of report >
Rorschach112
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com/products/acrobat/readstep2.html

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website, then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers real-time protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling


  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.
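
The HOSTS-file recommendation above works because any name listed against 127.0.0.1 or 0.0.0.0 is sent nowhere; the same mechanism, pointing a legitimate name at some other address, is how a tampered HOSTS file redirects a victim. The following audit script is an added example written for this thread, not code from the forum, the MVPS project or any tool named in the log. It separates deliberate blocklist entries from entries that send a name to a routable address, and flags unparsable lines. `SAMPLE_HOSTS`, `PROTECTED_SUFFIXES` and the `.test` domains are constructed placeholders; `audit_hosts` and `parse_hosts` are the example's own names.

```python
"""Audit a Windows HOSTS file: blocklist entries vs. possible redirects.

Added example (not from the thread or the MVPS project). A blocklist HOSTS
file maps ad/malware names to 127.0.0.1 or 0.0.0.0; a tampered one maps
legitimate names to some other address. This audit tells the two apart.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed sample HOSTS file (not a real one): a loopback line, two
# blocklist-style lines, one entry redirecting a vendor-like name to a
# routable address, and one line with an invalid IP.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example-adserver.test   # blocklist-style entry
0.0.0.0         tracker.example.test
198.51.100.23   www.example-av-vendor.test  # suspicious: real name sent elsewhere
999.1.1.1       broken.example.test
"""

# Addresses that make an entry a "blackhole" (the connection goes nowhere).
BLACKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that legitimately resolve to loopback on every machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}
# Assumption: name suffixes the operator never wants redirected (placeholder
# values; a real list would hold OS-update and AV-vendor hosts).
PROTECTED_SUFFIXES = ("example-av-vendor.test",)


@dataclass
class HostsAudit:
    blocked: list = field(default_factory=list)    # (ip, name) blackholed on purpose
    hijacks: list = field(default_factory=list)    # (ip, name) sent to a routable IP
    protected_hijacks: list = field(default_factory=list)  # subset matching PROTECTED_SUFFIXES
    invalid: list = field(default_factory=list)    # (lineno, ip_text) unparsable address


def parse_hosts(text):
    """Yield (lineno, ip_text, [names]) for each non-blank, non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], fields[1:]


def audit_hosts(text):
    """Classify every HOSTS entry; returns a HostsAudit."""
    audit = HostsAudit()
    for lineno, ip_text, names in parse_hosts(text):
        try:
            ipaddress.ip_address(ip_text)
        except ValueError:
            audit.invalid.append((lineno, ip_text))
            continue
        for name in names:
            name = name.lower()
            if name in LOCAL_NAMES:
                continue                          # normal loopback entry
            if ip_text in BLACKHOLE:
                audit.blocked.append((ip_text, name))
            else:
                audit.hijacks.append((ip_text, name))
                if name.endswith(PROTECTED_SUFFIXES):
                    audit.protected_hijacks.append((ip_text, name))
    return audit


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"blocklist entries: {len(result.blocked)}")
    for ip, name in result.hijacks:
        flag = " (PROTECTED)" if (ip, name) in result.protected_hijacks else ""
        print(f"redirect to routable IP: {name} -> {ip}{flag}")
    for lineno, ip in result.invalid:
        print(f"line {lineno}: invalid address {ip!r}")
```

To run it against a real machine, read `%SystemRoot%\System32\drivers\etc\hosts` into `audit_hosts` instead of `SAMPLE_HOSTS`. A healthy MVPS-style file yields a long `blocked` list and an empty `hijacks` list; any entry in `hijacks`, and especially in `protected_hijacks`, deserves a look before trusting the file, since a cleanup tool may leave a replaced HOSTS file in place.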


monkey_05_06
Thanks a million Rorschach. Every one of the problems I described appears corrected. I was able to get avast! to perform a full scan without any errors, the redirection appears corrected, and I was also able to run Chkdsk as well as defragment the hard drive and run Recuva.

Everything appears to be in working order now!

If anything else comes up, I know where to find you.