# PC constantly uploading high amounts of data



## theFAst0ne (Apr 16, 2009)

Whenever I connect to the internet, my PC is showing activity on the web. But I don't have any programs that use the internet open. Then I checked my usage report and it showed that I uploaded 536 MB and only downloaded 126 MB in one day!!! I never upload more than I need to. Then at the end of the month, the total uploaded was 2.6 GB, way more than the average in the past. I ran a virus scan and it didn't find anything. And then, while browsing the web, randomly a new tab will open with a strange URL, then it will forward to Bing. An example of this URL is: http://santadom.com/se.php?pop=1&aid=aGlkZGVu&sid=16154920&key=virus. If you can, please help!!! Thanks.


----------



## Elvandil (Aug 1, 2003)

Try Current Ports to see what is connecting.

I found that most of my own constant uploading was to Google servers. Uninstalling everything Google and replacing the browser with the bare Chromium browser "un-Googlized" stopped the uploads. But the amounts were far smaller than yours.

You may want to go to the Malware forum.


----------



## srhoades (May 15, 2003)

Just because your antivirus didn't find anything doesn't mean you aren't infected. I would post a HijackThis log.


----------



## dvk01 (Dec 14, 2002)

Follow the advice *here* and post the logs those programs make.


----------



## theFAst0ne (Apr 16, 2009)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37, on 2010/08/21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?hl=en&shva=1#inbox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: (no name) - {02AAA65F-E94E-4231-891A-00C930843E5a} - C:\WINDOWS\system32\D3DX9_4232.dll
O2 - BHO: (no name) - {0376133C-F796-41E1-8053-BC978D3D83Aa} - C:\WINDOWS\system32\CmdLineExt0332.dll
O2 - BHO: (no name) - {05554CBF-E94E-4231-891A-00C930843E5a} - C:\WINDOWS\system32\dinput832.dll
O2 - BHO: (no name) - {06EC2678-F796-41E1-8053-BC978D3D83Aa} - C:\WINDOWS\system32\dpvvox32.dll
O2 - BHO: (no name) - {0AAA997F-E94E-4231-891A-00C930843E5a} - C:\WINDOWS\system32\CmdLineExt0332.dll
O2 - BHO: (no name) - {1475614C-7FB1-4E60-A107-56F4B42F8705} - C:\WINDOWS\system32\dinput832.dll
O2 - BHO: (no name) - {155532FF-E94E-4231-891A-00C930843E5a} - C:\WINDOWS\system32\CmdLineExt0332.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {ad55c869-668e-457c-b270-0cfb2f61116f} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: c2d50f0 - {EBD8AC5B-B21E-4D1F-91D0-A36C79876E73} - C:\WINDOWS\system32\danim32.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\David Perry\Application Data\Symantec\Layouts\NSW-Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070826\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\David Perry\Application Data\Symantec\Layouts\NSW-Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070826\Setup.exe" "/SCANUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\DOCUME~1\Matthew\LOCALS~1\Temp\19.tmp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: ptsp.dll
O10 - Unknown file in Winsock LSP: ptsp.dll
O10 - Unknown file in Winsock LSP: ptsp.dll
O10 - Unknown file in Winsock LSP: ptsp.dll
O10 - Unknown file in Winsock LSP: ptsp.dll
O10 - Unknown file in Winsock LSP: ptsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164463974796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164464551906
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL,C:\WINDOWS\system32\danim32.dll
O20 - Winlogon Notify: 7c5e00a5971 - C:\WINDOWS\system32\danim32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Program Files\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXlm License Manager - Unknown owner - C:\SEFlex\\Program\lmgrd.exe (file missing)
O23 - Service: Google Update Service (gupdate1c953bd601bbe08) (gupdate1c953bd601bbe08) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Matthew/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 12410 bytes

DDS (Ver_10-03-17.01) - NTFSx86 
Run by Matthew at 17:39:31.23 on 2010/08/21
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2393 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthew\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://mail.google.com/mail/?hl=en&shva=1#inbox
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02aaa65f-e94e-4231-891a-00c930843e5a} - c:\windows\system32\D3DX9_4232.dll
BHO: {0376133c-f796-41e1-8053-bc978d3d83aa} - c:\windows\system32\CmdLineExt0332.dll
BHO: {05554cbf-e94e-4231-891a-00c930843e5a} - c:\windows\system32\dinput832.dll
BHO: {06ec2678-f796-41e1-8053-bc978d3d83aa} - c:\windows\system32\dpvvox32.dll
BHO: {0aaa997f-e94e-4231-891a-00c930843e5a} - c:\windows\system32\CmdLineExt0332.dll
BHO: {1475614c-7fb1-4e60-a107-56f4b42f8705} - c:\windows\system32\dinput832.dll
BHO: {155532ff-e94e-4231-891a-00c930843e5a} - c:\windows\system32\CmdLineExt0332.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {ad55c869-668e-457c-b270-0cfb2f61116f} - No File
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: c2d50f0: {ebd8ac5b-b21e-4d1f-91d0-a36c79876e73} - c:\windows\system32\danim32.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SoundMax] "c:\program files\analog devices\soundmax\smax4.exe" /tray
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [SymLnch] "c:\documents and settings\david perry\application data\symantec\layouts\nsw-norton antivirus\15.0\symalllanguages\nav_esd\20070826\support\symlnch\symlnch.exe" "c:\documents and settings\david perry\application data\symantec\layouts\nsw-norton antivirus\15.0\symalllanguages\nav_esd\20070826\Setup.exe" "/SCANUPREBOOT /temp /patched"
dRunOnce: [<NO NAME>] 
mExplorerRun: [<NO NAME>] 1 (0x1)
mExplorerRun: [RTHDBPL] c:\docume~1\matthew\locals~1\temp\19.tmp
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: ForceActiveDesktopOn = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks\norton cleanup\WCQuick.lnk
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: ptsp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164463974796
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164464551906
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: 7c5e00a5971 - c:\windows\system32\danim32.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\google\go333c~1\goec62~1.dll,c:\windows\system32\danim32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\matthew\applic~1\mozilla\firefox\profiles\70tlkdlm.default\
FF - plugin: c:\documents and settings\matthew\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\matthew\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-25 55152]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-5-23 10384]
S2 FLEXlm License Manager;FLEXlm License Manager;c:\seflex\\program\lmgrd.exe --> c:\seflex\\program\lmgrd.exe [?]
S2 gupdate1c953bd601bbe08;Google Update Service (gupdate1c953bd601bbe08);c:\program files\google\update\GoogleUpdate.exe [2008-12-1 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-6-11 28672]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2009-8-16 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2009-8-16 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2009-8-16 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2009-8-16 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2009-8-16 98568]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
piffile="%1" %*"

=============== Created Last 30 ================

2010-08-21 15:34:29	328704	----a-w-	c:\windows\system32\D3DX9_4232.dll
2010-08-20 10:38:48	318976	----a-w-	c:\windows\system32\dot3api32.dll
2010-08-19 17:55:41	0	d-----w-	C:\46ff1f1f2e8aa8376d4a1981064e8c
2010-08-18 07:09:24	318976	----a-w-	c:\windows\system32\cnbjmon32.dll
2010-08-17 15:51:04	318976	----a-w-	c:\windows\system32\d3dx10_3932.dll
2010-08-17 10:00:47	0	d-----w-	c:\program files\Trend Micro
2010-08-17 09:53:24	318976	----a-w-	c:\windows\system32\dimap32.dll
2010-08-15 10:58:50	1160704	--sha-w-	c:\windows\system32\4.tmp
2010-08-14 10:53:38	0	----a-w-	c:\windows\system32\5.tmp
2010-08-13 10:32:12	325632	----a-w-	c:\windows\system32\cryptui32.dll
2010-08-13 09:09:41	325632	----a-w-	c:\windows\system32\D3DCompiler_4132.dll
2010-08-10 06:37:42	325632	----a-w-	c:\windows\system32\dmdlgs32.dll
2010-08-09 15:35:39	141	----a-w-	c:\windows\system32\sl1307558503
2010-08-09 14:07:21	0	d-----w-	c:\windows\system32\AGEIA
2010-08-09 09:23:42	325632	----a-w-	c:\windows\system32\deployJava132.dll
2010-08-07 10:29:41	325632	----a-w-	c:\windows\system32\dhcpmon32.dll
2010-08-06 12:15:07	325632	----a-w-	c:\windows\system32\cdosys32.dll
2010-08-06 09:38:24	325632	----a-w-	c:\windows\system32\dbmsrpcn32.dll
2010-08-03 15:45:02	315392	----a-w-	c:\windows\system32\D3DCompiler_4232.dll
2010-08-02 10:41:57	315392	----a-w-	c:\windows\system32\eappprxy32.dll
2010-08-01 14:44:16	0	d-----w-	c:\docume~1\alluse~1\applic~1\IObit
2010-08-01 10:43:31	313344	----a-w-	c:\windows\system32\dimsntfy32.dll
2010-07-27 14:47:53	0	---ha-w-	c:\documents and settings\matthew\cnxkpmasmz.tmp
2010-07-26 05:59:31	312320	----a-w-	c:\windows\system32\dpvvox32.dll
2010-07-25 13:57:23	3430	----a-w-	c:\documents and settings\matthew\.recently-used.xbel
2010-07-25 13:14:50	0	d-----w-	c:\documents and settings\matthew\.fontconfig
2010-07-25 10:44:31	312320	----a-w-	c:\windows\system32\dinput832.dll
2010-07-23 15:01:29	318976	----a-w-	c:\windows\system32\CmdLineExt0332.dll

==================== Find3M ====================

2010-07-27 14:47:53	43520	----a-w-	c:\windows\system32\CmdLineExt03.dll
2010-07-22 14:31:26	318976	----a-w-	c:\windows\system32\d3dx9_3032.dll
2010-07-21 15:24:17	318976	----a-w-	c:\windows\system32\crtdll32.dll
2010-07-17 03:00:04	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-07-16 15:03:11	318976	----a-w-	c:\windows\system32\basecsp32.dll
2010-07-16 15:02:48	203776	--sh--w-	c:\windows\system32\unrar.exe
2010-07-16 15:02:35	1115136	--sha-w-	c:\windows\system32\297.tmp
2010-07-16 14:59:30	323584	----a-w-	c:\windows\system32\dpwsock32.dll
2010-07-16 14:59:03	323584	----a-w-	c:\windows\system32\davclnt32.dll
2010-07-16 14:59:02	207872	----a-w-	c:\windows\system32\danim32.dll
2010-07-07 02:27:52	5069312	----a-w-	c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:58:26	53248	----a-w-	c:\windows\system32\aticalrt.dll
2010-07-07 01:58:18	53248	----a-w-	c:\windows\system32\aticalcl.dll
2010-07-07 01:57:02	4337664	----a-w-	c:\windows\system32\aticaldd.dll
2010-07-07 01:53:00	15499264	----a-w-	c:\windows\system32\atioglxx.dll
2010-07-07 01:50:14	311296	----a-w-	c:\windows\system32\atiiiexx.dll
2010-07-07 01:48:54	446464	----a-w-	c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47:56	299520	----a-w-	c:\windows\system32\ati2dvag.dll
2010-07-07 01:41:18	3869952	----a-w-	c:\windows\system32\ati3duag.dll
2010-07-07 01:33:00	208896	----a-w-	c:\windows\system32\atipdlxx.dll
2010-07-07 01:32:48	155648	----a-w-	c:\windows\system32\Oemdspif.dll
2010-07-07 01:32:40	26112	----a-w-	c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32:34	43520	----a-w-	c:\windows\system32\ati2edxx.dll
2010-07-07 01:32:24	159744	----a-w-	c:\windows\system32\ati2evxx.dll
2010-07-07 01:31:10	602112	----a-w-	c:\windows\system32\ati2evxx.exe
2010-07-07 01:29:56	53248	----a-w-	c:\windows\system32\ATIDDC.DLL
2010-07-07 01:29:06	143360	----a-w-	c:\windows\system32\atiapfxx.exe
2010-07-07 01:28:10	2273920	----a-w-	c:\windows\system32\ativvaxx.dll
2010-07-07 01:27:42	887724	----a-w-	c:\windows\system32\ativva6x.dat
2010-07-07 01:25:48	573440	----a-w-	c:\windows\system32\atikvmag.dll
2010-07-07 01:24:52	393216	----a-w-	c:\windows\system32\atiok3x2.dll
2010-07-07 01:24:06	184320	----a-w-	c:\windows\system32\atiadlxx.dll
2010-07-07 01:23:52	17408	----a-w-	c:\windows\system32\atitvo32.dll
2010-07-07 01:19:10	704512	----a-w-	c:\windows\system32\ati2cqag.dll
2010-07-07 01:15:58	65024	----a-w-	c:\windows\system32\atimpc32.dll
2010-07-07 01:15:58	65024	----a-w-	c:\windows\system32\amdpcom32.dll
2010-07-07 01:15:22	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2010-06-30 12:31:35	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-24 12:22:03	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-23 13:44:04	1851904	------w-	c:\windows\system32\win32k.sys
2010-06-17 14:03:00	80384	------w-	c:\windows\system32\iccvid.dll
2010-06-14 07:41:45	1172480	----a-w-	c:\windows\system32\msxml3.dll
2009-11-01 11:59:08	88	--sh--r-	c:\windows\system32\F4B24A8872.sys
2009-11-01 11:59:22	2828	--sha-w-	c:\windows\system32\KGyGaAvL.sys
2008-11-04 17:51:57	32768	--sha-w-	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110420081105\index.dat

============= FINISH: 17:40:09.62 ===============

Won't let me attach this file.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2006/11/14 11:43:19
System Uptime: 2010/08/21 17:16:56 (0 hours ago)

Motherboard: XFX | | MI-G31I-CH79
Processor: Intel Pentium III Xeon processor | CPU1 | 2671/267mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 26.572 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 19.756 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT

==== System Restore Points ===================

RP782: 2010/08/01 17:39:54 - Removed Apple Mobile Device Support
RP783: 2010/08/01 17:41:14 - Removed Apple Application Support
RP784: 2010/08/01 17:44:15 - Removed Apple Software Update
RP785: 2010/08/01 17:47:19 - Removed Google SketchUp Pro 7
RP786: 2010/08/01 17:50:27 - Removed LiveUpdate (Symantec Corporation)
RP787: 2010/08/01 17:51:21 - Removed MobileMe Control Panel
RP788: 2010/08/01 18:09:34 - Software Distribution Service 3.0
RP789: 2010/08/01 18:13:24 - Software Distribution Service 3.0
RP790: 2010/08/01 18:16:50 - Removed System Requirements Lab
RP791: 2010/08/01 18:16:58 - Removed System Requirements Lab
RP792: 2010/08/01 18:19:21 - Removed NVIDIA PhysX
RP793: 2010/08/01 18:20:18 - Removed Acrobat.com
RP794: 2010/08/01 18:20:41 - Removed Bonjour
RP795: 2010/08/02 16:34:49 - Software Distribution Service 3.0
RP796: 2010/08/03 17:31:59 - Software Distribution Service 3.0
RP797: 2010/08/05 16:25:35 - Software Distribution Service 3.0
RP798: 2010/08/05 17:08:38 - Software Distribution Service 3.0
RP799: 2010/08/06 11:21:43 - Removed Assassin's Creed II
RP800: 2010/08/06 11:23:06 - Installed Assassin's Creed II
RP801: 2010/08/06 11:37:09 - Installed Assassin's Creed II
RP802: 2010/08/06 11:46:33 - Installed Assassin's Creed II
RP803: 2010/08/06 12:03:09 - Installed Assassin's Creed II
RP804: 2010/08/06 12:22:45 - Installed Assassin's Creed II
RP805: 2010/08/06 12:47:02 - Installed DirectX
RP806: 2010/08/06 12:49:24 - Configured Ubisoft Game Launcher
RP807: 2010/08/07 13:13:08 - System Checkpoint
RP808: 2010/08/09 11:33:37 - System Checkpoint
RP809: 2010/08/09 13:04:46 - Software Distribution Service 3.0
RP810: 2010/08/09 14:14:26 - Removed LiveUpdate Notice (Symantec Corporation)
RP811: 2010/08/09 14:15:16 - Removed Logitech Gaming Software 5.04.
RP812: 2010/08/09 14:18:07 - Removed Windows Live Upload Tool
RP813: 2010/08/09 14:19:17 - Removed Windows Live Sync
RP814: 2010/08/09 14:19:38 - Removed Windows Live ID Sign-in Assistant
RP815: 2010/08/09 18:41:31 - Installed The Sims 3 World Adventures
RP816: 2010/08/09 19:02:57 - Installed The Sims 3
RP817: 2010/08/10 09:03:27 - Removed The Sims 3 World Adventures
RP818: 2010/08/10 09:07:53 - Installed The Sims 3 World Adventures
RP819: 2010/08/10 09:50:49 - Installed The Sims 3
RP820: 2010/08/10 10:55:16 - Installed The Sims 3 World Adventures
RP821: 2010/08/10 11:13:48 - Installed The Sims 3
RP822: 2010/08/10 11:20:01 - Removed The Sims 3 World Adventures
RP823: 2010/08/10 11:21:50 - Removed The Sims 3
RP824: 2010/08/10 11:24:30 - Installed The Sims 3
RP825: 2010/08/10 11:58:29 - Installed The Sims 3
RP826: 2010/08/10 12:00:04 - Installed The Sims 3 World Adventures
RP827: 2010/08/10 12:27:02 - Removed The Sims 3
RP828: 2010/08/10 12:27:55 - Removed The Sims 3
RP829: 2010/08/10 12:30:05 - Removed The Sims 3
RP830: 2010/08/10 12:30:34 - Removed The Sims 3 World Adventures
RP831: 2010/08/10 12:33:53 - Removed The Sims 3
RP832: 2010/08/13 11:05:06 - Software Distribution Service 3.0
RP833: 2010/08/14 18:28:15 - System Checkpoint
RP834: 2010/08/16 12:20:21 - System Checkpoint
RP835: 2010/08/16 16:59:24 - Removed Google Gears
RP836: 2010/08/17 17:41:58 - Installed Battlefield: Bad Company 2
RP837: 2010/08/19 14:50:00 - System Checkpoint
RP838: 2010/08/19 19:53:02 - Installed Java(TM) 6 Update 21
RP839: 2010/08/19 19:55:30 - Software Distribution Service 3.0
RP840: 2010/08/21 10:16:14 - System Checkpoint

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
Advanced Registry Fix
Advanced SystemCare 3
Assassin's Creed II
ATI Catalyst Install Manager
Audacity 1.2.6
AviSynth 2.5
Battlefield: Bad Company 2
Billion 400G
BlueSoleil
BumpTop
Buzan's iMindMap V3
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
Canon MP560 series User Registration
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities PhotoStitch 3.1
Canon Utilities Solution Menu
Canon ZoomBrowser EX (E)
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CDDRV_Installer
Choice Guard
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Defraggler
Dragon Age: Origins
Dual-Core Optimizer
EA Download Manager
EA Download Manager UI
Fallout 3
GameSpy Arcade
GIMP 2.6.4
Google Chrome
Google Earth
Google Photos Screensaver
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GTK+ Runtime 2.14.7 rev a (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB938759)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp LaserJet 1010 Series
Indeo® software
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 2 Runtime Environment, SE v1.4.2_19
Java Auto Updater
Java DB 10.4.1.3
Java(TM) 6 Update 21
Java(TM) SE Development Kit 6 Update 13
JavaFX(TM) 1.1 SDK
jGRASP
Junk Mail filter update
KhalInstallWrapper
L&H TTS3000 British English
Lernout & Hauspie TruVoice American English TTS Engine
Logitech SetPoint
Maxtor Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Standard 2006
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Media Video 9 VCM
Microsoft WSE 3.0 Runtime
MovieEdit Task
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MTN [email protected]
Need for Speed SHIFT
NetBeans IDE 6.8
Network Play System (Patching)
Norton SystemWorks
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Parental InternetFilter 3.2
PhotoStitch
Pivot Stickfigure Animator
QuickTime
RAW Image Task 2.2
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Scratch
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Sibelius Scorch (ActiveX Only)
Sid Meier's Civilization 4
Skype Toolbars
Skype 4.2
SmartSound Quicktracks Plugin
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Sun GlassFish Enterprise Server v3
TFI FX 4.00
The Italian Job
The Lord of the Rings FREE Trial 
The Sims 3
Tomb Raider: Anniversary 1.0
Ubisoft Game Launcher
Ulead DVD DiskRecorder 2.1.1
Ulead VideoStudio 9.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Manager
VideoLAN VLC media player 0.8.6d
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

2010/08/20 12:15:11, error: Print [19] - Sharing printer failed + 1722, Printer hp LaserJet 1010 share name Printer2.
2010/08/19 20:01:22, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168).
2010/08/19 20:01:22, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524).
2010/08/17 17:39:05, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00242113402C. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
2010/08/17 17:34:54, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2010/08/17 17:34:54, error: Service Control Manager [7000] - The FLEXlm License Manager service failed to start due to the following error: The system cannot find the path specified.
2010/08/17 17:34:54, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
2010/08/17 17:34:01, error: Print [23] - Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.

==== End Of File ===========================

GMER crashes my PC, can't get a log file.


----------
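
The file lists posted above have a shape worth automating rather than eyeballing: dozens of DLLs directly under system32 with near-identical sizes (318976, 325632, 328704 bytes), each created on a different day, plus .tmp files carrying hidden and system attributes, and the ComboFix log later in the thread reports deleting an lsass.exe from an Application Data\SystemProc folder. The Python script below is an added example, not code from the thread, from DDS or from ComboFix: it parses DDS-style "Created Last 30" / "Find3M" lines and flags those three patterns as triage leads. The sample lines are copied from the log above except the last, which is constructed in DDS format; the cluster threshold and the list of system-only binary names are assumptions, and a hit is something to examine, not a verdict.

```python
import re
from collections import defaultdict
from datetime import date

# One DDS "Created Last 30" / "Find3M" line looks like (tab-separated):
#   2010-08-13 10:32:12<TAB>325632<TAB>----a-w-<TAB>c:\windows\system32\cryptui32.dll
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}:\d{2}\s+"
    r"(?P<size>\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$",
    re.IGNORECASE,
)

SYSTEM32 = "c:\\windows\\system32\\"

# Assumption: core XP binaries that have no business living outside system32.
SYSTEM_ONLY_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe",
                     "services.exe", "lsass.exe", "svchost.exe"}


def parse_dds_line(line):
    """Return a dict for a DDS file line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs").lower()
    return {
        "date": date.fromisoformat(m.group("date")),
        "size": int(m.group("size")),
        "attrs": attrs,
        "path": m.group("path").lower(),
        "is_dir": attrs.startswith("d"),
    }


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def _in_system32_root(path):
    # Directly under system32, not in drivers\, config\ and so on.
    return path.startswith(SYSTEM32) and "\\" not in path[len(SYSTEM32):]


def triage(lines, min_cluster=3):
    """Flag file entries matching three patterns seen in the thread's logs.

    Returns a list of (pattern, detail) tuples. Hits are leads to examine,
    not verdicts: a legitimate update can also drop same-size files.
    """
    entries = [e for e in map(parse_dds_line, lines) if e and not e["is_dir"]]
    findings = []

    # 1. A well-known system process name outside system32 (e.g. a
    #    SystemProc\lsass.exe under a user profile).
    for e in entries:
        if _basename(e["path"]) in SYSTEM_ONLY_NAMES and not e["path"].startswith(SYSTEM32):
            findings.append(("system-name-outside-system32", e["path"]))

    # 2. Files carrying both hidden ('h') and system ('s') attributes dropped
    #    straight into system32, such as 4.tmp with '--sha-w-'.
    for e in entries:
        if _in_system32_root(e["path"]) and "h" in e["attrs"] and "s" in e["attrs"]:
            findings.append(("hidden-system-file-in-system32", e["path"]))

    # 3. Clusters of same-size files in system32 created on different days,
    #    the shape a dropper leaves when it rewrites one payload under new names.
    by_size = defaultdict(list)
    for e in entries:
        if _in_system32_root(e["path"]):
            by_size[e["size"]].append(e)
    for size, group in sorted(by_size.items()):
        if len(group) >= min_cluster and len({e["date"] for e in group}) >= 2:
            names = ", ".join(sorted(_basename(e["path"]) for e in group))
            findings.append(("same-size-cluster-in-system32",
                             f"{size} bytes x{len(group)}: {names}"))
    return findings


# Sample input. All lines but the last are copied from the DDS output in the
# thread; the last is CONSTRUCTED in DDS format from the SystemProc\lsass.exe
# path that the ComboFix log later reports deleting (date and size invented).
SAMPLE_LOG = """\
2010-08-21 15:34:29\t328704\t----a-w-\tc:\\windows\\system32\\D3DX9_4232.dll
2010-08-20 10:38:48\t318976\t----a-w-\tc:\\windows\\system32\\dot3api32.dll
2010-08-18 07:09:24\t318976\t----a-w-\tc:\\windows\\system32\\cnbjmon32.dll
2010-08-17 15:51:04\t318976\t----a-w-\tc:\\windows\\system32\\d3dx10_3932.dll
2010-08-17 10:00:47\t0\td-----w-\tc:\\program files\\Trend Micro
2010-08-15 10:58:50\t1160704\t--sha-w-\tc:\\windows\\system32\\4.tmp
2010-07-27 14:47:53\t0\t---ha-w-\tc:\\documents and settings\\matthew\\cnxkpmasmz.tmp
2010-07-16 15:02:48\t203776\t--sh--w-\tc:\\windows\\system32\\unrar.exe
2010-07-07 01:58:26\t53248\t----a-w-\tc:\\windows\\system32\\aticalrt.dll
2010-07-01 00:00:00\t86016\t----a-w-\tc:\\documents and settings\\matthew\\application data\\systemproc\\lsass.exe
"""

if __name__ == "__main__":
    for pattern, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"[{pattern}] {detail}")
```

Run against the full "Created Last 30" and "Find3M" sections above, the size-cluster rule alone groups the 3189xx/3256xx/3287xx DLL families that ComboFix later deleted, while the ATI driver files (all different sizes, all written on 2010-07-07) stay quiet; that is why the rule requires several days, not just several files.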



## dvk01 (Dec 14, 2002)

Don't worry about GMER.

That is very badly infected.

Delete any existing version of ComboFix you have sitting on your desktop
*Please read and follow all these instructions very carefully*
Download ComboFix from *Here* or *Here* to your Desktop.

As you download ComboFix, please rename it to thefastone12345.exe & run that.

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script blocking components of them or your firewall* *before* performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause _"unpredictable results"_ or stop ComboFix running at all.
Click on *THIS LINK* to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again after ComboFix has finished.*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double-click on *combofix.exe* & follow the prompts. If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the *"C:\ComboFix.txt" * for further review

*****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.*****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read HERE why we disable autoruns.

*Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.*

Please tell us if it has cured the problems or if there are any outstanding issues.


----------



## theFAst0ne (Apr 16, 2009)

ComboFix 10-08-21.06 - Matthew 2010/08/22 12:18:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2398 [GMT 2:00]
Running from: C:\Documents and Settings\Matthew\Desktop\thefastone12345.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\David Perry\Application Data\02000000eae3140b971C.manifest
C:\Documents and Settings\David Perry\Application Data\02000000eae3140b971O.manifest
C:\Documents and Settings\David Perry\Application Data\02000000eae3140b971P.manifest
C:\Documents and Settings\David Perry\Application Data\02000000eae3140b971S.manifest
C:\Documents and Settings\David Perry\Application Data\SystemProc
C:\Documents and Settings\David Perry\Application Data\SystemProc\lsass.exe
C:\Documents and Settings\Giovanna\Application Data\02000000eae3140b971C.manifest
C:\Documents and Settings\Giovanna\Application Data\02000000eae3140b971O.manifest
C:\Documents and Settings\Giovanna\Application Data\02000000eae3140b971P.manifest
C:\Documents and Settings\Giovanna\Application Data\02000000eae3140b971S.manifest
C:\Documents and Settings\Giovanna\Application Data\SystemProc
C:\Documents and Settings\Giovanna\Application Data\SystemProc\lsass.exe
C:\Documents and Settings\Giovanna\Application Data\SystemProc\upd.exe
C:\Documents and Settings\Matthew\Application Data\02000000eae3140b971C.manifest
C:\Documents and Settings\Matthew\Application Data\02000000eae3140b971O.manifest
C:\Documents and Settings\Matthew\Application Data\02000000eae3140b971P.manifest
C:\Documents and Settings\Matthew\Application Data\02000000eae3140b971S.manifest
C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\70tlkdlm.default\extensions\{a890ff17-2768-462a-a1f1-37cc82313493}
C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\70tlkdlm.default\extensions\{a890ff17-2768-462a-a1f1-37cc82313493}\chrome.manifest
C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\70tlkdlm.default\extensions\{a890ff17-2768-462a-a1f1-37cc82313493}\chrome\xulcache.jar
C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\70tlkdlm.default\extensions\{a890ff17-2768-462a-a1f1-37cc82313493}\defaults\preferences\xulcache.js
C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\70tlkdlm.default\extensions\{a890ff17-2768-462a-a1f1-37cc82313493}\install.rdf
C:\Documents and Settings\Matthew\Application Data\SystemProc
C:\Documents and Settings\Matthew\Application Data\SystemProc\lsass.exe
C:\Documents and Settings\Matthew\Favorites\YouTube - Broadcast Yourself..url
C:\restore
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
C:\System
C:\System\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
C:\WINDOWS\a3kebook.ini
C:\WINDOWS\akebook.ini
C:\WINDOWS\ANS2000.INI
C:\WINDOWS\GnuHashes.ini
C:\WINDOWS\system32\1315727298
C:\WINDOWS\system32\CmdLineExt0332.dll
C:\WINDOWS\system32\CNBJMON32.DLL
C:\WINDOWS\system32\CRTDLL32.DLL
C:\WINDOWS\system32\DANIM32.DLL
C:\WINDOWS\system32\DBMSRPCN32.DLL
C:\WINDOWS\system32\DHCPMON32.DLL
C:\WINDOWS\system32\DIMAP32.DLL
C:\WINDOWS\system32\dimsntfy32.dll
C:\WINDOWS\system32\DINPUT832.DLL
C:\WINDOWS\system32\DMDLGS32.DLL
C:\WINDOWS\system32\DPVVOX32.DLL
C:\WINDOWS\system32\DPWSOCK32.DLL
C:\WINDOWS\system32\SysWoW32
C:\WINDOWS\system32\SysWoW32\@u637819647v0
C:\WINDOWS\system32\SysWoW32\@u637819647v1
C:\WINDOWS\system32\SysWoW32\@u637819647v2
C:\WINDOWS\system32\SysWoW32\@u637819647v3
C:\WINDOWS\system32\SysWoW32\@u637819647v4
C:\WINDOWS\system32\SysWoW32\@u637819647v5
C:\WINDOWS\system32\SysWoW32\@u637819647v6
C:\WINDOWS\system32\SysWoW32\@u637819647v7
C:\WINDOWS\system32\SysWoW32\_u637819647v0
C:\WINDOWS\system32\SysWoW32\_u637819647v1
C:\WINDOWS\system32\SysWoW32\_u637819647v2
C:\WINDOWS\system32\SysWoW32\_u637819647v3
C:\WINDOWS\system32\SysWoW32\_u637819647v4
C:\WINDOWS\system32\SysWoW32\_u637819647v5
C:\WINDOWS\system32\SysWoW32\_u637819647v6
C:\WINDOWS\system32\SysWoW32\_u637819647v7
C:\WINDOWS\system32\SysWoW32\mu637819647v4
C:\WINDOWS\system32\SysWoW32\mu637819647v4.kwd
C:\WINDOWS\system32\SysWoW32\mu637819647v5
C:\WINDOWS\system32\SysWoW32\mu637819647v5.kwd
C:\WINDOWS\system32\SysWoW32\mu637819647v6
C:\WINDOWS\system32\SysWoW32\mu637819647v6.kwd
C:\WINDOWS\system32\SysWoW32\mu637819647v7
C:\WINDOWS\system32\SysWoW32\mu637819647v7.kwd
C:\WINDOWS\system32\SysWoW32\wu637819647v0
C:\WINDOWS\system32\SysWoW32\wu637819647v0.kwd
C:\WINDOWS\system32\SysWoW32\wu637819647v1
C:\WINDOWS\system32\SysWoW32\wu637819647v1.kwd
C:\WINDOWS\system32\SysWoW32\wu637819647v2
C:\WINDOWS\system32\SysWoW32\wu637819647v2.kwd
C:\WINDOWS\system32\SysWoW32\wu637819647v3
C:\WINDOWS\system32\SysWoW32\wu637819647v3.kwd
C:\WINDOWS\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
.

2010-08-22 08:24:03 . 2010-08-22 08:24:03	328704	----a-w-	C:\WINDOWS\system32\ciadmin32.dll
2010-08-21 16:42:51 . 2010-08-21 16:42:51	328704	----a-w-	C:\WINDOWS\system32\dpnwsock32.dll
2010-08-21 15:48:00 . 2010-08-21 15:48:01	328704	----a-w-	C:\WINDOWS\system32\D3DCompiler_3332.dll
2010-08-21 15:34:29 . 2010-08-21 15:34:29	328704	----a-w-	C:\WINDOWS\system32\D3DX9_4232.dll
2010-08-20 10:38:48 . 2010-08-20 10:38:48	318976	----a-w-	C:\WINDOWS\system32\dot3api32.dll
2010-08-19 17:55:41 . 2010-08-19 17:58:09	--------	d-----w-	C:\46ff1f1f2e8aa8376d4a1981064e8c
2010-08-17 16:52:26 . 2010-08-17 16:52:26	--------	d--h--r-	C:\Documents and Settings\Matthew\Application Data\SecuROM
2010-08-17 15:51:04 . 2010-08-17 15:51:04	318976	----a-w-	C:\WINDOWS\system32\d3dx10_3932.dll
2010-08-17 10:00:47 . 2010-08-17 10:00:47	--------	d-----w-	C:\Program Files\Trend Micro
2010-08-13 10:32:12 . 2010-08-13 10:32:12	325632	----a-w-	C:\WINDOWS\system32\cryptui32.dll
2010-08-13 09:09:41 . 2010-08-13 09:09:41	325632	----a-w-	C:\WINDOWS\system32\D3DCompiler_4132.dll
2010-08-09 14:07:21 . 2010-08-09 14:07:37	--------	d-----w-	C:\Program Files\AGEIA Technologies
2010-08-09 14:07:21 . 2010-08-09 14:07:21	--------	d-----w-	C:\WINDOWS\system32\AGEIA
2010-08-09 09:23:42 . 2010-08-09 09:23:42	325632	----a-w-	C:\WINDOWS\system32\deployJava132.dll
2010-08-06 12:15:07 . 2010-08-06 12:15:07	325632	----a-w-	C:\WINDOWS\system32\cdosys32.dll
2010-08-04 09:28:34 . 2010-08-04 09:28:34	503808	----a-w-	C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-684833c6-n\msvcp71.dll
2010-08-04 09:28:34 . 2010-08-04 09:28:34	499712	----a-w-	C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-684833c6-n\jmc.dll
2010-08-04 09:28:34 . 2010-08-04 09:28:34	348160	----a-w-	C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-684833c6-n\msvcr71.dll
2010-08-04 09:28:28 . 2010-08-04 09:28:28	61440	----a-w-	C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-411814f6-n\decora-sse.dll
2010-08-04 09:28:28 . 2010-08-04 09:28:28	12800	----a-w-	C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-411814f6-n\decora-d3d.dll
2010-08-03 15:45:02 . 2010-08-03 15:45:02	315392	----a-w-	C:\WINDOWS\system32\D3DCompiler_4232.dll
2010-08-02 10:41:57 . 2010-08-02 10:41:57	315392	----a-w-	C:\WINDOWS\system32\eappprxy32.dll
2010-08-01 14:44:16 . 2010-08-01 14:44:16	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\IObit
2010-07-25 13:14:50 . 2010-07-25 13:14:51	--------	d-----w-	C:\Documents and Settings\Matthew\.fontconfig

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 17:53:51 . 2008-12-26 09:26:27	--------	d-----w-	C:\Program Files\Common Files\Java
2010-08-19 17:53:19 . 2009-03-29 05:58:32	--------	d-----w-	C:\Program Files\Java
2010-08-16 15:00:42 . 2007-09-21 13:36:45	--------	d-----w-	C:\Program Files\Google
2010-08-16 13:28:18 . 2009-04-25 08:26:37	--------	d-----w-	C:\Documents and Settings\Matthew\Application Data\Skype
2010-08-16 13:04:44 . 2009-04-25 08:27:55	--------	d-----w-	C:\Documents and Settings\Matthew\Application Data\skypePM
2010-08-15 10:59:23 . 2010-08-15 10:58:50	1160704	--sha-w-	C:\WINDOWS\system32\4.tmp
2010-08-14 10:53:38 . 2010-08-14 10:53:38	0	----a-w-	C:\WINDOWS\system32\5.tmp
2010-08-13 09:12:34 . 2010-01-24 11:59:28	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-08-10 10:30:39 . 2006-11-14 09:57:51	--------	d--h--w-	C:\Program Files\InstallShield Installation Information
2010-08-10 09:58:29 . 2007-02-16 06:13:40	--------	d-----w-	C:\Program Files\Electronic Arts
2010-08-10 09:02:10 . 2009-09-21 12:56:12	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\Electronic Arts
2010-08-10 09:01:32 . 2009-11-13 14:30:09	--------	d-----w-	C:\Program Files\Common Files\Adobe AIR
2010-08-09 14:06:52 . 2010-05-24 15:57:22	--------	d-----w-	C:\Program Files\Common Files\BioWare
2010-08-09 13:23:47 . 2010-05-24 17:09:06	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\BioWare
2010-08-09 12:19:18 . 2008-12-23 11:34:56	--------	d-----w-	C:\Program Files\Windows Live
2010-08-09 12:15:20 . 2009-05-23 10:00:03	--------	d-----w-	C:\Program Files\Logitech
2010-08-09 12:15:17 . 2009-05-23 10:00:04	--------	d-----w-	C:\Program Files\Common Files\Logitech
2010-08-09 12:14:38 . 2006-11-19 08:28:35	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\Symantec
2010-08-01 19:55:40 . 2006-11-19 08:28:23	--------	d-----w-	C:\Program Files\Common Files\Symantec Shared
2010-08-01 15:59:36 . 2010-07-09 14:34:27	--------	d-----w-	C:\Program Files\IObit
2010-08-01 15:51:23 . 2008-07-02 12:04:59	--------	d-----w-	C:\Program Files\Common Files\Apple
2010-08-01 15:46:21 . 2009-03-06 12:58:15	--------	d-----w-	C:\Program Files\GameShadow
2010-07-31 11:43:29 . 2010-05-16 11:46:44	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\CanonIJ
2010-07-31 11:43:19 . 2010-05-16 09:59:05	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2010-07-27 14:47:53 . 2010-07-27 14:47:53	0	---ha-w-	C:\Documents and Settings\Matthew\cnxkpmasmz.tmp
2010-07-27 14:47:53 . 2007-04-01 12:57:10	43520	----a-w-	C:\WINDOWS\system32\CmdLineExt03.dll
2010-07-27 14:47:02 . 2009-05-05 16:10:31	--------	d-----w-	C:\Program Files\TFI FX
2010-07-25 13:57:23 . 2008-12-25 12:33:12	--------	d-----w-	C:\Documents and Settings\Matthew\Application Data\gtk-2.0
2010-07-22 14:31:26 . 2010-07-22 14:31:26	318976	----a-w-	C:\WINDOWS\system32\d3dx9_3032.dll
2010-07-17 03:00:04 . 2010-07-09 15:48:32	423656	----a-w-	C:\WINDOWS\system32\deployJava1.dll
2010-07-16 15:03:11 . 2010-07-16 15:03:11	318976	----a-w-	C:\WINDOWS\system32\basecsp32.dll
2010-07-16 15:02:35 . 2010-07-16 14:59:10	1115136	--sha-w-	C:\WINDOWS\system32\297.tmp
2010-07-16 14:59:03 . 2010-07-16 14:59:03	323584	----a-w-	C:\WINDOWS\system32\davclnt32.dll
2010-07-12 11:51:31 . 2010-07-09 14:37:55	--------	d-----w-	C:\Documents and Settings\Matthew\Application Data\IObit
2010-07-10 11:44:57 . 2010-07-10 11:44:57	503808	----a-w-	C:\Documents and Settings\Giovanna\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5909b857-n\msvcp71.dll
2010-07-10 11:44:57 . 2010-07-10 11:44:57	499712	----a-w-	C:\Documents and Settings\Giovanna\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5909b857-n\jmc.dll
2010-07-10 11:44:57 . 2010-07-10 11:44:57	348160	----a-w-	C:\Documents and Settings\Giovanna\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5909b857-n\msvcr71.dll
2010-07-10 11:44:47 . 2010-07-10 11:44:47	61440	----a-w-	C:\Documents and Settings\Giovanna\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5f31b64f-n\decora-sse.dll
2010-07-10 11:44:47 . 2010-07-10 11:44:47	12800	----a-w-	C:\Documents and Settings\Giovanna\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5f31b64f-n\decora-d3d.dll
2010-07-09 16:01:20 . 2006-11-16 15:44:13	--------	d-----w-	C:\Program Files\Microsoft Works
2010-07-09 16:01:19 . 2010-04-06 11:09:04	--------	d-----w-	C:\Program Files\MTN [email protected]
2010-07-09 16:01:19 . 2009-09-23 13:15:28	--------	d-----w-	C:\Program Files\SmartDraw 2010
2010-07-09 16:01:19 . 2008-12-23 11:34:17	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\WLInstaller
2010-07-09 16:01:19 . 2007-08-11 10:52:27	--------	d-----w-	C:\Program Files\Common Files\EasyInfo
2010-07-09 15:49:25 . 2010-07-09 15:49:25	503808	----a-w-	C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6ae8d8f6-n\msvcp71.dll
2010-07-09 15:49:25 . 2010-07-09 15:49:25	499712	----a-w-	C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6ae8d8f6-n\jmc.dll
2010-07-09 15:49:25 . 2010-07-09 15:49:25	348160	----a-w-	C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6ae8d8f6-n\msvcr71.dll
2010-07-09 15:48:50 . 2010-07-09 15:48:50	61440	----a-w-	C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-21a733bb-n\decora-sse.dll
2010-07-09 15:48:50 . 2010-07-09 15:48:50	12800	----a-w-	C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-21a733bb-n\decora-d3d.dll
2010-07-09 15:36:28 . 2010-01-24 12:04:42	--------	d-----w-	C:\Program Files\Microsoft.NET
2010-07-09 15:33:27 . 2010-07-09 14:41:47	--------	d-----w-	C:\Program Files\Microsoft SQL Server
2010-07-07 02:27:52 . 2008-11-04 17:30:04	5069312	----a-w-	C:\WINDOWS\system32\drivers\ati2mtag.sys
2010-07-07 01:58:26 . 2009-02-25 20:32:59	53248	----a-w-	C:\WINDOWS\system32\aticalrt.dll
2010-07-07 01:58:18 . 2009-02-25 20:32:53	53248	----a-w-	C:\WINDOWS\system32\aticalcl.dll
2010-07-07 01:57:02 . 2009-02-25 20:30:01	4337664	----a-w-	C:\WINDOWS\system32\aticaldd.dll
2010-07-07 01:53:00 . 2009-02-25 21:30:15	15499264	----a-w-	C:\WINDOWS\system32\atioglxx.dll
2010-07-07 01:50:14 . 2009-04-05 07:15:26	311296	----a-w-	C:\WINDOWS\system32\atiiiexx.dll
2010-07-07 01:48:54 . 2009-04-05 07:15:23	446464	----a-w-	C:\WINDOWS\system32\ATIDEMGX.dll
2010-07-07 01:47:56 . 2008-11-04 17:35:38	299520	----a-w-	C:\WINDOWS\system32\ati2dvag.dll
2010-07-07 01:41:18 . 2008-11-04 17:35:38	3869952	----a-w-	C:\WINDOWS\system32\ati3duag.dll
2010-07-07 01:33:00 . 2008-02-26 03:02:14	208896	----a-w-	C:\WINDOWS\system32\atipdlxx.dll
2010-07-07 01:32:48 . 2008-02-26 03:02:02	155648	----a-w-	C:\WINDOWS\system32\Oemdspif.dll
2010-07-07 01:32:40 . 2008-02-26 03:01:52	26112	----a-w-	C:\WINDOWS\system32\Ati2mdxx.exe
2010-07-07 01:32:34 . 2008-02-26 03:01:44	43520	----a-w-	C:\WINDOWS\system32\ati2edxx.dll
2010-07-07 01:32:24 . 2008-02-26 03:01:30	159744	----a-w-	C:\WINDOWS\system32\ati2evxx.dll
2010-07-07 01:31:10 . 2008-02-26 03:00:02	602112	----a-w-	C:\WINDOWS\system32\ati2evxx.exe
2010-07-07 01:29:56 . 2008-02-26 02:58:42	53248	----a-w-	C:\WINDOWS\system32\ATIDDC.DLL
2010-07-07 01:29:06 . 2010-03-05 15:46:23	143360	----a-w-	C:\WINDOWS\system32\atiapfxx.exe
2010-07-07 01:28:10 . 2008-11-04 17:35:38	2273920	----a-w-	C:\WINDOWS\system32\ativvaxx.dll
2010-07-07 01:27:42 . 2009-04-05 07:15:21	887724	----a-w-	C:\WINDOWS\system32\ativva6x.dat
2010-07-07 01:27:42 . 2009-04-05 07:15:20	3	----a-w-	C:\WINDOWS\system32\ativva5x.dat
2010-07-07 01:25:48 . 2008-02-26 02:25:32	573440	----a-w-	C:\WINDOWS\system32\atikvmag.dll
2010-07-07 01:24:52 . 2008-02-26 02:19:20	393216	----a-w-	C:\WINDOWS\system32\atiok3x2.dll
2010-07-07 01:24:06 . 2009-02-25 20:38:47	184320	----a-w-	C:\WINDOWS\system32\atiadlxx.dll
2010-07-07 01:23:52 . 2008-02-26 02:23:24	17408	----a-w-	C:\WINDOWS\system32\atitvo32.dll
2010-07-07 01:19:10 . 2008-11-04 17:35:38	704512	----a-w-	C:\WINDOWS\system32\ati2cqag.dll
2010-07-07 01:15:58 . 2009-03-16 19:40:12	65024	----a-w-	C:\WINDOWS\system32\atimpc32.dll
2010-07-07 01:15:58 . 2008-02-26 02:29:24	65024	----a-w-	C:\WINDOWS\system32\amdpcom32.dll
2010-07-07 01:15:22 . 2008-02-26 02:22:38	53248	----a-w-	C:\WINDOWS\system32\drivers\ati2erec.dll
2010-06-30 12:31:35 . 2002-12-31 12:00:00	149504	----a-w-	C:\WINDOWS\system32\schannel.dll
2010-06-24 12:22:03 . 2002-12-31 12:00:00	916480	----a-w-	C:\WINDOWS\system32\wininet.dll
2010-06-23 13:44:04 . 2002-12-31 12:00:00	1851904	------w-	C:\WINDOWS\system32\win32k.sys
2010-06-21 15:27:11 . 2002-12-31 12:00:00	354304	----a-w-	C:\WINDOWS\system32\drivers\srv.sys
2010-06-17 14:03:00 . 2002-12-31 12:00:00	80384	------w-	C:\WINDOWS\system32\iccvid.dll
2010-06-14 14:31:20 . 2006-11-14 09:38:54	744448	----a-w-	C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41:45 . 2002-12-31 12:00:00	1172480	----a-w-	C:\WINDOWS\system32\msxml3.dll
2009-11-01 11:59:08 . 2009-06-16 11:17:04	88	--sh--r-	C:\WINDOWS\system32\F4B24A8872.sys
2009-11-01 11:59:22 . 2009-06-16 10:16:18	2828	--sha-w-	C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-01 01:01:48 16864768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 16:55:10 55824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 02:04:47 35760]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 08:06:33 976832]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 12:15:22 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 12:15:20 81920]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 19:44:14 102400]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 09:44:46 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\David Perry\Application Data\Symantec\Layouts\NSW-Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070826\Support\SymLnch\SymLnch.exe" [2007-08-27 00:04:18 687976]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 18:41:34 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28:42	72208	----a-w-	c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Screen Saver Control.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06:33	976832	----a-w-	C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 12:15:20	81920	----a-w-	C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2008-07-21 15:16:06	169312	----a-w-	C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c953bd601bbe08"=2 (0x2)
"GoogleDesktopManager-110408-113106"=3 (0x3)
"CiSvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Documents and Settings\\Matthew\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"C:\\Documents and Settings\\Matthew\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"D:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
"D:\\Program Files\\Electronic Arts\\Need for Speed SHIFT\\shift.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"D:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"C:\\Program Files\\Codemasters\\Colin McRae Rally 04\\cmr4.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\regsvr32.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"C:\\Program Files\\Java\\jdk1.6.0_13\\bin\\appletviewer.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"D:\\Program Files\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"D:\\Program Files\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"D:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\drivers\LBeepKE.sys [2009/05/23 12:14:41 10384]
S2 FLEXlm License Manager;FLEXlm License Manager;C:\SEFlex\\Program\lmgrd.exe --> C:\SEFlex\\Program\lmgrd.exe [?]
S2 gupdate1c953bd601bbe08;Google Update Service (gupdate1c953bd601bbe08);C:\Program Files\Google\Update\GoogleUpdate.exe [2008/12/01 16:01:56 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\Program Files\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009/12/15 22:07:16 25832]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;C:\WINDOWS\system32\drivers\libusb0.sys [2009/06/11 13:25:51 28672]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\drivers\s115bus.sys [2009/08/16 13:01:40 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\drivers\s115mdfl.sys [2009/08/16 13:01:46 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\drivers\s115mdm.sys [2009/08/16 13:01:46 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\drivers\s115mgmt.sys [2009/08/16 13:02:40 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\drivers\s115obex.sys [2009/08/16 13:02:37 98568]
.
Contents of the 'Scheduled Tasks' folder

2010-08-21 C:\WINDOWS\Tasks\Defraggler Volume C Task.job
- C:\Program Files\Defraggler\df.exe [2010-05-17 19:13:30 . 2010-05-17 19:13:30]

2010-08-22 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2008-12-01 14:01:56 . 2008-12-01 14:01:19]

2010-08-22 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2008-12-01 14:01:56 . 2008-12-01 14:01:19]

2010-08-22 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-789336058-839522115-1003Core.job
- C:\Documents and Settings\David Perry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-30 12:09:12 . 2009-09-22 14:05:26]

2010-08-22 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-789336058-839522115-1003UA.job
- C:\Documents and Settings\David Perry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-30 12:09:12 . 2009-09-22 14:05:26]

2010-08-20 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-789336058-839522115-1007Core.job
- C:\Documents and Settings\Giovanna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-03 10:49:17 . 2009-11-04 13:12:46]

2010-08-22 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-789336058-839522115-1007UA.job
- C:\Documents and Settings\Giovanna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-03 10:49:17 . 2009-11-04 13:12:46]

2010-08-22 C:\WINDOWS\Tasks\User_Feed_Synchronization-{5FD85D01-F603-460C-8ECF-04CAF671AB9E}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 14:36:40 . 2009-03-08 00:31:54]

2010-08-22 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A2CA8844-EC24-45B2-BBAB-C03BC8BFA53B}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 14:36:40 . 2009-03-08 00:31:54]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mail.google.com/mail/?hl=en&shva=1#inbox
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: ptsp.dll
FF - ProfilePath - C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\70tlkdlm.default\
FF - plugin: C:\Documents and Settings\Matthew\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - ORPHANS REMOVED - - - -

BHO-{02AAA65F-E94E-4231-891A-00C930843E5a} - C:\WINDOWS\system32\dpvvox32.dll
BHO-{0376133C-F796-41E1-8053-BC978D3D83Aa} - C:\WINDOWS\system32\CmdLineExt0332.dll
BHO-{05554CBF-E94E-4231-891A-00C930843E5a} - C:\WINDOWS\system32\dinput832.dll
BHO-{06EC2678-F796-41E1-8053-BC978D3D83Aa} - C:\WINDOWS\system32\dpvvox32.dll
BHO-{0AAA997F-E94E-4231-891A-00C930843E5a} - C:\WINDOWS\system32\CmdLineExt0332.dll
BHO-{1475614C-7FB1-4E60-A107-56F4B42F8705} - C:\WINDOWS\system32\dinput832.dll
BHO-{155532FF-E94E-4231-891A-00C930843E5a} - C:\WINDOWS\system32\CmdLineExt0332.dll
BHO-{ad55c869-668e-457c-b270-0cfb2f61116f} - (no file)
BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
BHO-{EBD8AC5B-B21E-4D1F-91D0-A36C79876E73} - C:\WINDOWS\system32\danim32.dll
Toolbar-Locked - (no file)
Notify-7c5e00a5971 - C:\WINDOWS\system32\danim32.dll
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre6\bin\jusched.exe
AddRemove-GameSpy Arcade - C:\PROGRA~1\GAMESP~1\UNWISE.EXE


----------



## dvk01 (Dec 14, 2002)

still quite a bit to do

Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post & if you are using Internet Explorer, when the "File download" pop-up comes press *SAVE* and choose desktop in the list of selections in that window & press save)
*Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished*
Close any open browsers 
Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.


This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply

*Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum*

This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

at the end it will pop up an alert & open your browser and ask you to send the zip file

please follow those instructions. We need to see the zip file before we can carry on with the fix

If there is no pop up alert or open browser then

please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. If there is more than 1 file, press the more attachments button for each extra file and browse and select etc, and then, when all the files are listed in the window, press send to upload the files (do not post HJT logs there as they will not get dealt with)

Files to submit:
the zip file inside C:\QooBox\quarantine created by combofix named something like [38][email protected]

or to 
http://www.bleepingcomputer.com/submit-malware.php?channel=38


----------



## theFAst0ne (Apr 16, 2009)

I have done as you asked, and uploaded it to thespykiller.co.uk


----------



## dvk01 (Dec 14, 2002)

I think we are going to be fighting a losing battle with this one as the latest cf log you submitted shows a lot of still infected entries

see if this will clear anything up

Please download Malwarebytes' Anti-Malware to your desktop
from HERE or HERE

Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded. 
Once the program has loaded, select Perform quick scan, then click Scan. 
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. 
Please include this log in your next reply.

It might ask you to reboot to finish cleaning. Please do so. ( Press YES on the alert) 
If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it continues on every boot


----------



## theFAst0ne (Apr 16, 2009)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4466

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010/08/23 20:42:38
mbam-log-2010-08-23 (20-42-38).txt

Scan type: Quick scan
Objects scanned: 161931
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02aaa65f-e94e-4231-891a-00c930843e5a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{02aaa65f-e94e-4231-891a-00c930843e5a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06ec2678-f796-41e1-8053-bc978d3d83aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{06ec2678-f796-41e1-8053-bc978d3d83aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-21cx1c643131} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ihistorycookies.clshistorycookies (Rogue.ErrorEraser) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8502d876-f5a4-42cb-8ba7-55413c6cd36f} (Rogue.ErrorEraser) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4b5563b7-2353-4c1e-865d-a3c84259d548} (Rogue.ErrorEraser) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fe7beebd-7d16-4efc-a204-310ada898c32} (Rogue.ErrorEraser) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-21cx1c643131} (Worm.AutoRun) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Advanced Registry Fix\IHistoryCookies.dll (Rogue.ErrorEraser) -> Quarantined and deleted successfully.


----------



## dvk01 (Dec 14, 2002)

Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post & if you are using Internet Explorer, when the "File download" pop-up comes press *SAVE* and choose desktop in the list of selections in that window & press save)

*Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished*

Close any open browsers 
Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.

*Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware-fixing forum.*


----------



## theFAst0ne (Apr 16, 2009)

ComboFix 10-08-22.05 - Matthew 2010/08/24 9:37.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2584 [GMT 2:00]
Running from: c:\documents and settings\Matthew\Desktop\thefastone12345.exe
Command switches used :: c:\documents and settings\Matthew\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 )))))))))))))))))))))))))))))))
.

2010-08-23 18:34 . 2010-08-23 18:34	--------	d-----w-	c:\documents and settings\Matthew\Application Data\Malwarebytes
2010-08-23 18:33 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 18:33 . 2010-08-23 18:33	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-23 18:33 . 2010-08-23 18:33	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-23 18:33 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-22 17:01 . 2010-08-23 13:15	--------	d-----w-	c:\program files\Windows Live Safety Center
2010-08-19 17:55 . 2010-08-19 17:58	--------	d-----w-	C:\46ff1f1f2e8aa8376d4a1981064e8c
2010-08-17 16:52 . 2010-08-17 16:52	--------	d--h--r-	c:\documents and settings\Matthew\Application Data\SecuROM
2010-08-17 10:00 . 2010-08-17 10:00	--------	d-----w-	c:\program files\Trend Micro
2010-08-09 14:07 . 2010-08-09 14:07	--------	d-----w-	c:\program files\AGEIA Technologies
2010-08-09 14:07 . 2010-08-09 14:07	--------	d-----w-	c:\windows\system32\AGEIA
2010-08-04 09:28 . 2010-08-04 09:28	503808	----a-w-	c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-684833c6-n\msvcp71.dll
2010-08-04 09:28 . 2010-08-04 09:28	499712	----a-w-	c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-684833c6-n\jmc.dll
2010-08-04 09:28 . 2010-08-04 09:28	348160	----a-w-	c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-684833c6-n\msvcr71.dll
2010-08-04 09:28 . 2010-08-04 09:28	61440	----a-w-	c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-411814f6-n\decora-sse.dll
2010-08-04 09:28 . 2010-08-04 09:28	12800	----a-w-	c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-411814f6-n\decora-d3d.dll
2010-08-01 14:44 . 2010-08-01 14:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\IObit
2010-07-25 13:14 . 2010-07-25 13:14	--------	d-----w-	c:\documents and settings\Matthew\.fontconfig

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 18:42 . 2010-05-31 16:05	--------	d-----w-	c:\program files\Advanced Registry Fix
2010-08-19 17:53 . 2008-12-26 09:26	--------	d-----w-	c:\program files\Common Files\Java
2010-08-19 17:53 . 2009-03-29 05:58	--------	d-----w-	c:\program files\Java
2010-08-16 15:00 . 2007-09-21 13:36	--------	d-----w-	c:\program files\Google
2010-08-16 13:28 . 2009-04-25 08:26	--------	d-----w-	c:\documents and settings\Matthew\Application Data\Skype
2010-08-16 13:04 . 2009-04-25 08:27	--------	d-----w-	c:\documents and settings\Matthew\Application Data\skypePM
2010-08-13 09:12 . 2010-01-24 11:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-10 10:30 . 2006-11-14 09:57	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-10 09:58 . 2007-02-16 06:13	--------	d-----w-	c:\program files\Electronic Arts
2010-08-10 09:02 . 2009-09-21 12:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Electronic Arts
2010-08-10 09:01 . 2009-11-13 14:30	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-08-09 14:06 . 2010-05-24 15:57	--------	d-----w-	c:\program files\Common Files\BioWare
2010-08-09 13:23 . 2010-05-24 17:09	--------	d-----w-	c:\documents and settings\All Users\Application Data\BioWare
2010-08-09 12:19 . 2008-12-23 11:34	--------	d-----w-	c:\program files\Windows Live
2010-08-09 12:15 . 2009-05-23 10:00	--------	d-----w-	c:\program files\Logitech
2010-08-09 12:15 . 2009-05-23 10:00	--------	d-----w-	c:\program files\Common Files\Logitech
2010-08-09 12:14 . 2006-11-19 08:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\Symantec
2010-08-01 19:55 . 2006-11-19 08:28	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2010-08-01 15:59 . 2010-07-09 14:34	--------	d-----w-	c:\program files\IObit
2010-08-01 15:51 . 2008-07-02 12:04	--------	d-----w-	c:\program files\Common Files\Apple
2010-08-01 15:46 . 2009-03-06 12:58	--------	d-----w-	c:\program files\GameShadow
2010-07-31 11:43 . 2010-05-16 11:46	--------	d-----w-	c:\documents and settings\All Users\Application Data\CanonIJ
2010-07-31 11:43 . 2010-05-16 09:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-07-27 14:47 . 2007-04-01 12:57	43520	----a-w-	c:\windows\system32\CmdLineExt03.dll
2010-07-27 14:47 . 2009-05-05 16:10	--------	d-----w-	c:\program files\TFI FX
2010-07-25 13:57 . 2008-12-25 12:33	--------	d-----w-	c:\documents and settings\Matthew\Application Data\gtk-2.0
2010-07-17 03:00 . 2010-07-09 15:48	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-07-12 11:51 . 2010-07-09 14:37	--------	d-----w-	c:\documents and settings\Matthew\Application Data\IObit
2010-07-10 11:44 . 2010-07-10 11:44	503808	----a-w-	c:\documents and settings\Giovanna\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5909b857-n\msvcp71.dll
2010-07-10 11:44 . 2010-07-10 11:44	499712	----a-w-	c:\documents and settings\Giovanna\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5909b857-n\jmc.dll
2010-07-10 11:44 . 2010-07-10 11:44	348160	----a-w-	c:\documents and settings\Giovanna\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5909b857-n\msvcr71.dll
2010-07-10 11:44 . 2010-07-10 11:44	61440	----a-w-	c:\documents and settings\Giovanna\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5f31b64f-n\decora-sse.dll
2010-07-10 11:44 . 2010-07-10 11:44	12800	----a-w-	c:\documents and settings\Giovanna\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5f31b64f-n\decora-d3d.dll
2010-07-09 16:01 . 2006-11-16 15:44	--------	d-----w-	c:\program files\Microsoft Works
2010-07-09 16:01 . 2010-04-06 11:09	--------	d-----w-	c:\program files\MTN [email protected]
2010-07-09 16:01 . 2009-09-23 13:15	--------	d-----w-	c:\program files\SmartDraw 2010
2010-07-09 16:01 . 2008-12-23 11:34	--------	d-----w-	c:\documents and settings\All Users\Application Data\WLInstaller
2010-07-09 16:01 . 2007-08-11 10:52	--------	d-----w-	c:\program files\Common Files\EasyInfo
2010-07-09 15:49 . 2010-07-09 15:49	503808	----a-w-	c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6ae8d8f6-n\msvcp71.dll
2010-07-09 15:49 . 2010-07-09 15:49	499712	----a-w-	c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6ae8d8f6-n\jmc.dll
2010-07-09 15:49 . 2010-07-09 15:49	348160	----a-w-	c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6ae8d8f6-n\msvcr71.dll
2010-07-09 15:48 . 2010-07-09 15:48	61440	----a-w-	c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-21a733bb-n\decora-sse.dll
2010-07-09 15:48 . 2010-07-09 15:48	12800	----a-w-	c:\documents and settings\Matthew\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-21a733bb-n\decora-d3d.dll
2010-07-09 15:36 . 2010-01-24 12:04	--------	d-----w-	c:\program files\Microsoft.NET
2010-07-09 15:33 . 2010-07-09 14:41	--------	d-----w-	c:\program files\Microsoft SQL Server
2010-07-07 02:27 . 2008-11-04 17:30	5069312	----a-w-	c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:58 . 2009-02-25 20:32	53248	----a-w-	c:\windows\system32\aticalrt.dll
2010-07-07 01:58 . 2009-02-25 20:32	53248	----a-w-	c:\windows\system32\aticalcl.dll
2010-07-07 01:57 . 2009-02-25 20:30	4337664	----a-w-	c:\windows\system32\aticaldd.dll
2010-07-07 01:53 . 2009-02-25 21:30	15499264	----a-w-	c:\windows\system32\atioglxx.dll
2010-07-07 01:50 . 2009-04-05 07:15	311296	----a-w-	c:\windows\system32\atiiiexx.dll
2010-07-07 01:48 . 2009-04-05 07:15	446464	----a-w-	c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47 . 2008-11-04 17:35	299520	----a-w-	c:\windows\system32\ati2dvag.dll
2010-07-07 01:41 . 2008-11-04 17:35	3869952	----a-w-	c:\windows\system32\ati3duag.dll
2010-07-07 01:33 . 2008-02-26 03:02	208896	----a-w-	c:\windows\system32\atipdlxx.dll
2010-07-07 01:32 . 2008-02-26 03:02	155648	----a-w-	c:\windows\system32\Oemdspif.dll
2010-07-07 01:32 . 2008-02-26 03:01	26112	----a-w-	c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32 . 2008-02-26 03:01	43520	----a-w-	c:\windows\system32\ati2edxx.dll
2010-07-07 01:32 . 2008-02-26 03:01	159744	----a-w-	c:\windows\system32\ati2evxx.dll
2010-07-07 01:31 . 2008-02-26 03:00	602112	----a-w-	c:\windows\system32\ati2evxx.exe
2010-07-07 01:29 . 2008-02-26 02:58	53248	----a-w-	c:\windows\system32\ATIDDC.DLL
2010-07-07 01:29 . 2010-03-05 15:46	143360	----a-w-	c:\windows\system32\atiapfxx.exe
2010-07-07 01:28 . 2008-11-04 17:35	2273920	----a-w-	c:\windows\system32\ativvaxx.dll
2010-07-07 01:27 . 2009-04-05 07:15	887724	----a-w-	c:\windows\system32\ativva6x.dat
2010-07-07 01:27 . 2009-04-05 07:15	3	----a-w-	c:\windows\system32\ativva5x.dat
2010-07-07 01:25 . 2008-02-26 02:25	573440	----a-w-	c:\windows\system32\atikvmag.dll
2010-07-07 01:24 . 2008-02-26 02:19	393216	----a-w-	c:\windows\system32\atiok3x2.dll
2010-07-07 01:24 . 2009-02-25 20:38	184320	----a-w-	c:\windows\system32\atiadlxx.dll
2010-07-07 01:23 . 2008-02-26 02:23	17408	----a-w-	c:\windows\system32\atitvo32.dll
2010-07-07 01:19 . 2008-11-04 17:35	704512	----a-w-	c:\windows\system32\ati2cqag.dll
2010-07-07 01:15 . 2009-03-16 19:40	65024	----a-w-	c:\windows\system32\atimpc32.dll
2010-07-07 01:15 . 2008-02-26 02:29	65024	----a-w-	c:\windows\system32\amdpcom32.dll
2010-07-07 01:15 . 2008-02-26 02:22	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2010-06-30 12:31 . 2002-12-31 12:00	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2002-12-31 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2002-12-31 12:00	1851904	------w-	c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-12-31 12:00	354304	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-12-31 12:00	80384	------w-	c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-11-14 09:38	744448	----a-w-	c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2002-12-31 12:00	1172480	----a-w-	c:\windows\system32\msxml3.dll
2009-11-01 11:59 . 2009-06-16 11:17	88	--sh--r-	c:\windows\system32\F4B24A8872.sys
2009-11-01 11:59 . 2009-06-16 10:16	2828	--sha-w-	c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [email protected]_12.40.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-24 07:26 . 2010-08-24 07:26	16384 c:\windows\Temp\Perflib_Perfdata_b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-01 16864768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="c:\documents and settings\David Perry\Application Data\Symantec\Layouts\NSW-Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070826\Support\SymLnch\SymLnch.exe" [2007-08-27 687976]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28	72208	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Screen Saver Control.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 12:15	81920	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2008-07-21 15:16	169312	----a-w-	c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre6\bin\jusched.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c953bd601bbe08"=2 (0x2)
"GoogleDesktopManager-110408-113106"=3 (0x3)
"CiSvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Matthew\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Matthew\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
"d:\\Program Files\\Electronic Arts\\Need for Speed SHIFT\\shift.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Codemasters\\Colin McRae Rally 04\\cmr4.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\regsvr32.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_13\\bin\\appletviewer.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"d:\\Program Files\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"d:\\Program Files\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"d:\\Program Files\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009/05/23 12:14 10384]
S2 FLEXlm License Manager;FLEXlm License Manager;c:\seflex\\Program\lmgrd.exe --> c:\seflex\\Program\lmgrd.exe [?]
S2 gupdate1c953bd601bbe08;Google Update Service (gupdate1c953bd601bbe08);c:\program files\Google\Update\GoogleUpdate.exe [2008/12/01 16:01 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009/12/15 22:07 25832]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009/06/11 13:25 28672]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2009/08/16 13:01 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2009/08/16 13:01 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2009/08/16 13:01 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2009/08/16 13:02 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2009/08/16 13:02 98568]
.
Contents of the 'Scheduled Tasks' folder

2010-08-21 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2010-05-17 19:13]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-01 14:01]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-01 14:01]

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-789336058-839522115-1003Core.job
- c:\documents and settings\David Perry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-30 14:05]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-789336058-839522115-1003UA.job
- c:\documents and settings\David Perry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-30 14:05]

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-789336058-839522115-1007Core.job
- c:\documents and settings\Giovanna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-03 13:12]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-789336058-839522115-1007UA.job
- c:\documents and settings\Giovanna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-03 13:12]

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{5FD85D01-F603-460C-8ECF-04CAF671AB9E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 00:31]

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{A2CA8844-EC24-45B2-BBAB-C03BC8BFA53B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 00:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mail.google.com/mail/?hl=en&shva=1#inbox
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: ptsp.dll
FF - ProfilePath - c:\documents and settings\Matthew\Application Data\Mozilla\Firefox\Profiles\70tlkdlm.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 09:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmVirHid]
"ImagePath"="system32\drivers\WmVirHid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmXlCore]
"ImagePath"="system32\drivers\WmXlCore.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WSearchIdxPi]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{12BD5C39-81AA-4CFB-882B-6C1E413614FA}]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{A61682B4-A2B4-47B6-8AB0-6E7FF1C4EFB2}]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{A9F7A626-5250-4F9E-BDE5-CFDFEE6E9249}]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{B513E922-4D8F-4F22-9E3F-4B94252D12F9}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,4e,dd,94,cb,5e,80,44,b4,58,71,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,4e,dd,94,cb,5e,80,44,b4,58,71,\

[HKEY_USERS\S-1-5-21-746137067-789336058-839522115-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-746137067-789336058-839522115-1005\Software\SecuROM\License information*]
"datasecu"=hex:c4,28,2c,95,b5,12,9c,c8,a1,b1,11,0c,70,d6,c8,27,2a,07,d3,11,1c,
e3,89,1f,a6,0e,9d,a4,83,d9,2d,0d,e3,3d,09,03,ec,43,06,92,74,b6,01,cb,e6,15,\
"rkeysecu"=hex:f2,d6,c8,46,3f,aa,54,c5,90,8a,7e,2b,f8,c9,9c,7f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\ptsp.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3736)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\ptsp.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2010-08-24 09:57:05
ComboFix-quarantined-files.txt 2010-08-24 07:57
ComboFix2.txt 2010-08-23 12:42

Pre-Run: 30 047 612 928 bytes free
Post-Run: 30 023 979 008 bytes free

- - End Of File - - 3F42F31FCAED1AB1603FDAC272D1A617


----------
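The ComboFix log above lists, among its Reg Loading Points, the firewall's AuthorizedApplications allow-list and the installed services, each service ending in a bracketed file date and size or in `[?]` (read here as: no file found at the image path). The following Python is an added example, not part of this thread or of ComboFix, that parses those two sections and pulls out the two things a reviewer would want to see first: allow-list entries for Windows utilities that have no ordinary reason to originate network traffic (regsvr32.exe is in the list above), and services whose image file is missing (the FLEXlm entry above). The sample lines are constructed from entries shown in the log; the regular expressions, the set of flagged binaries and the reading of `[?]` as "file not found" are this example's own assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt in the shape of the ComboFix "Reg Loading Points" output
# posted above: a Run key, the firewall AuthorizedApplications list and three
# service lines, chosen to cover the cases the checks below look for.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-01 16864768]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\regsvr32.exe"=

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009/05/23 12:14 10384]
S2 FLEXlm License Manager;FLEXlm License Manager;c:\seflex\\Program\lmgrd.exe --> c:\seflex\\Program\lmgrd.exe [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009/12/15 22:07 25832]
"""

# Format assumptions inferred from the lines shown, not a ComboFix spec.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
FW_ENTRY_RE = re.compile(r'^"(?P<path>.+)"=$')
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]+);(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)
FIREWALL_LIST_SUFFIX = "AuthorizedApplications\\List"

# Windows utilities that have no ordinary reason to originate network
# connections from a home PC. An allow-list exception for one of them proves
# nothing by itself, but it is the first entry to explain. The set is this
# example's own choice, not a list taken from the thread.
NETWORK_ODD_BINARIES = {"regsvr32.exe", "rundll32.exe", "cmd.exe",
                        "wscript.exe", "cscript.exe", "mshta.exe"}


def parse_firewall_exceptions(text):
    """Paths under the firewall AuthorizedApplications list, with the doubled
    backslashes ComboFix prints collapsed back to single ones."""
    paths, in_list = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_list = False
            continue
        key = KEY_RE.match(line)
        if key:
            in_list = key.group("key").endswith(FIREWALL_LIST_SUFFIX)
            continue
        entry = FW_ENTRY_RE.match(line)
        if in_list and entry:
            paths.append(entry.group("path").replace("\\\\", "\\"))
    return paths


def flag_firewall_exceptions(paths):
    """Exceptions whose file name is one of the binaries above."""
    return [p for p in paths if PureWindowsPath(p).name.lower() in NETWORK_ODD_BINARIES]


def parse_services(text):
    """Service/driver lines: start type, short name, display name, image path
    and the bracketed tail, which is either '<date> <size>' or '?'. The '?'
    is read here as 'no file found at the image path' (an assumption about
    the marker, consistent with the '-->' expanded path that precedes it)."""
    services = []
    for raw in text.splitlines():
        match = SERVICE_RE.match(raw.strip())
        if not match:
            continue
        svc = match.groupdict()
        svc["missing_image"] = svc["meta"].strip() == "?"
        services.append(svc)
    return services


def flag_missing_services(services):
    """Short names of services whose image file was not found."""
    return [s["name"] for s in services if s["missing_image"]]


if __name__ == "__main__":
    fw = parse_firewall_exceptions(SAMPLE_COMBOFIX)
    print("firewall exceptions to explain:", flag_firewall_exceptions(fw))
    print("services with missing image:", flag_missing_services(parse_services(SAMPLE_COMBOFIX)))
```

On the sample, the only flagged firewall exception is the regsvr32.exe entry and the only service with a missing image is FLEXlm License Manager; the Run-key lines are skipped because they sit under a key that is not the allow-list.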



## dvk01 (Dec 14, 2002)

How is it now?

Are you having any problems now?


----------



## theFAst0ne (Apr 16, 2009)

I'll monitor it over the next few days and get back to you, but it seems normal at the moment. Thanks


----------



## dvk01 (Dec 14, 2002)

*Follow these steps to uninstall ComboFix and the other tools it downloaded to remove the malware.*
* Click *START*, then *RUN*.
* Now type *Combofix /Uninstall* in the Run box and click *OK*. Note the *space* between the *X* and the */U*; it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

Go here *http://www.thespykiller.co.uk/index.php?page=3* for info on how to tighten your security settings and how to help prevent future attacks.

And scan here *http://secunia.com/software_inspector/* for out-of-date and vulnerable common applications on your computer, and update whatever it suggests.

Then pay an urgent visit to Windows Update and make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place.


----------

