Inactive Browsers redirect to qbyrd or ask.com

[Inactive] Browsers redirect to qbyrd or ask.com

As per subject line, my browsers, both Firefox and Internet Explorer, both redirect me to qbyrd.com or ask.com when pointed at specific websites. These websites are accessible from other computers on the same network. Also, the computer seems to be running exceptionally slow these days... I know it's not new and doesn't have a large amount of RAM, but it's just been dog slow lately and I am using the same software versions I've been using for the past 5 years.

You will note from the error logfile the presence of Hotspot Shield, I removed this software in response to several web postings which indicated that it may be the culprit prior to seeking the assistance of this forum, but it did not help me.

Not sure if it's relevant, but I cannot install update KB2229593, can't remember the exact verbiage but all my update reports end with something like "9 of 10 updates installed" and this one is always the one that isn't.

System:

Dell Optiplex G620
Pentium D dual-core 3.4GHz
1.0 GB RAM
Windows XP SP3, all current updates applied

Malware Bytes Anti-Malware log:

############START LOGFILE#############

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5590

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2011-01-24 08:53:23
mbam-log-2011-01-24 (08-53-23).txt

Scan type: Quick scan
Objects scanned: 207821
Time elapsed: 5 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

###########END LOGFILE###############

GMER log:

*************START LOGFILE **************

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-24 07:24:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD800JD-75MSA3 rev.10.01E04
Running: 8k3ok8i5.exe; Driver: C:\DOCUME~1\dspear.HM\LOCALS~1\Temp\uxrdapow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xF7947470]
SSDT \??\C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xF7947520]
SSDT \??\C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xF79475C0]
SSDT \??\C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xF7947660]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x804D7FEC]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FEC] ZwCreateKey [0x804D7FEC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x804D7FF1]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FF1] ZwOpenKey [0x804D7FF1]

INT 0x03 \WINDOWS\system32\ntkrnlpa.exe[unknown section] 804D7FFB

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF696FF80]
.text C:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xA9F9A000, 0x49379, 0xE0000020]
.init C:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xA9FF0224]
.init C:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xA9FF0000, 0x4000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA9D39400, 0x6EB98, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA9DC3C20] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA9DC3C20]
.protectÿÿÿÿhardlockunknown last code section [0xA9DC3A00, 0x50CA, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA9DC3A00, 0x50CA, 0xE0000020]
? System32\Drivers\fd58a66d.sys The system cannot find the path specified. !
? System32\Drivers\34aa7281.sys The system cannot find the path specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \FileSystem\Ntfs \Ntfs trufos.sys (Trufos Kernel Module/BitDefender S.R.L.)
AttachedDevice \Driver\Tcpip \Device\Ip rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)

Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice \Driver\Tcpip \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \FileSystem\Fastfat \Fat trufos.sys (Trufos Kernel Module/BitDefender S.R.L.)

---- EOF - GMER 1.0.15 ----

*************END LOGFILE*******************

MBRCheck log:

@@@@@@@@START LOGFILE@@@@@@@@@@@@@

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0100000d

Kernel Drivers (total 144):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7AFE000 \WINDOWS\system32\KDCOM.DLL
0xF7A0E000 \WINDOWS\system32\BOOTVID.dll
0xF74CF000 ACPI.sys
0xF7B00000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74BE000 pci.sys
0xF75FE000 isapnp.sys
0xF7BC6000 pciide.sys
0xF787E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF760E000 MountMgr.sys
0xF749F000 ftdisk.sys
0xF7B02000 dmload.sys
0xF7479000 dmio.sys
0xF7886000 PartMgr.sys
0xF761E000 VolSnap.sys
0xF7461000 atapi.sys
0xF762E000 disk.sys
0xF763E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7441000 fltmgr.sys
0xF742F000 sr.sys
0xF73EA000 bdfsfltr.sys
0xF764E000 PxHelp20.sys
0xF73D3000 KSecDD.sys
0xF7346000 Ntfs.sys
0xF7319000 NDIS.sys
0xF765E000 AVGIDSEH.sys
0xF72FF000 Mup.sys
0xF767E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF713F000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF712B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF78C6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7107000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78CE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF70C7000 \SystemRoot\system32\drivers\smwdm.sys
0xF70A3000 \SystemRoot\system32\drivers\portcls.sys
0xF768E000 \SystemRoot\system32\drivers\drmk.sys
0xF7080000 \SystemRoot\system32\drivers\ks.sys
0xF6FCD000 \SystemRoot\system32\drivers\senfilt.sys
0xF78EE000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6FB9000 \SystemRoot\system32\DRIVERS\parport.sys
0xF769E000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7ADE000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF76AE000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF76BE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76CE000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6F9B000 \SystemRoot\system32\DRIVERS\dne2000.sys
0xF7B08000 \SystemRoot\system32\DRIVERS\serscan.sys
0xF7CE9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7B0C000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF790E000 \SystemRoot\System32\Drivers\Modem.SYS
0xF76DE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AEE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6F84000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76EE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76FE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF792E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6F73000 \SystemRoot\system32\DRIVERS\psched.sys
0xF770E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF771E000 \SystemRoot\system32\DRIVERS\tapvpn.sys
0xF793E000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF772E000 \SystemRoot\system32\DRIVERS\rp_skt32.sys
0xF6F1B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF773E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF795E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7966000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF774E000 \SystemRoot\system32\DRIVERS\rp_pkt32.sys
0xF7B12000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6E1D000 \SystemRoot\system32\DRIVERS\update.sys
0xF72AE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF776E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF777E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B16000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF797E000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7ACA000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B1A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D3E000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B1E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79A6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF79AE000 \SystemRoot\System32\drivers\vga.sys
0xF7B22000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B26000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79BE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79CE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7ADA000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA765000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA70C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA6BC000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA696000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA674000 \SystemRoot\System32\drivers\afd.sys
0xF77AE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF77BE000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF79DE000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xAA649000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA5B1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77CE000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA7AC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF77EE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF79FE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7896000 \SystemRoot\system32\DRIVERS\LHidFlt2.Sys
0xAA7A0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF77FE000 \SystemRoot\system32\DRIVERS\LMouFlt2.Sys
0xF780E000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA798000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF727E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xAA4F9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B36000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA700000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78F6000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C8C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xAA3A4000 \SystemRoot\System32\Drivers\DefragFS.SYS
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAA37C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF79F6000 \??\C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys
0xAA409000 \??\C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys
0xAA174000 \??\C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys
0xAA07F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF78E6000 \SystemRoot\System32\drivers\BrPar.sys
0xAA01C000 \SystemRoot\System32\Drivers\SENTINEL.SYS
0xA9F99000 \??\C:\WINDOWS\system32\drivers\aksfridge.sys
0xAA03B000 \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS
0xA9E19000 \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
0xAA244000 \SystemRoot\System32\Drivers\DgiVecp.sys
0xA9C99000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xA9C75000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA9B06000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7A06000 \SystemRoot\System32\Drivers\SpPortEx.sys
0xA98D2000 \??\C:\Program Files\TELUS\TELUS security services\BitDefender\profos.sys
0xA9BC5000 \??\C:\Program Files\TELUS\TELUS security services\BitDefender\trufos.sys
0xA979A000 \SystemRoot\System32\Drivers\988345da.sys
0xF7946000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xA974F000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA970E000 \SystemRoot\System32\Drivers\HTTP.sys
0xA95B9000 \SystemRoot\system32\drivers\wdmaud.sys
0xA95FE000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8FAA000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xA8C8F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 44):
0 System Idle Process
4 System
1220 C:\WINDOWS\system32\smss.exe
1280 csrss.exe
1304 C:\WINDOWS\system32\winlogon.exe
1348 C:\WINDOWS\system32\services.exe
1360 C:\WINDOWS\system32\lsass.exe
1524 C:\WINDOWS\system32\svchost.exe
1824 svchost.exe
1864 C:\WINDOWS\system32\svchost.exe
2040 svchost.exe
228 svchost.exe
456 C:\WINDOWS\system32\spoolsv.exe
484 C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
684 svchost.exe
848 C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
864 C:\WINDOWS\system32\svchost.exe
896 C:\Program Files\Bonjour\mDNSResponder.exe
916 C:\WINDOWS\system32\drivers\CDAC11BA.EXE
960 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
1036 C:\Program Files\FlexLM\lmgrd.exe
1052 C:\Program Files\FolderSize\FolderSizeSvc.exe
1116 C:\Program Files\FlexLM\lmgrd.exe
1192 C:\Program Files\FlexLM\adskflex.exe
1200 C:\WINDOWS\system32\hasplms.exe
1572 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2068 C:\WINDOWS\system32\svchost.exe
2292 C:\WINDOWS\system32\wuauclt.exe
2932 alg.exe
3352 C:\WINDOWS\explorer.exe
3564 C:\WINDOWS\system32\wuauclt.exe
3680 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3828 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3904 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
3928 C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
3960 C:\WINDOWS\system32\ctfmon.exe
4040 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
4068 C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
528 C:\PROGRA~1\Webshots\Webshots.scr
1492 C:\WINDOWS\system32\taskmgr.exe
3120 C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
3056 C:\Program Files\Mozilla Firefox\firefox.exe
2472 C:\WINDOWS\system32\sol.exe
2988 C:\Documents and Settings\dspear.HM\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JD-75MSA3, Rev: 10.01E04

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

@@@@@@@@@END LOGFILE@@@@@@@@@@@@@@@

DDS logs to follow in next posting labelled

"Browsers redirect to qbyrd or ask.com PART 2 of 2 "

 

Browsers redirect to qbyrd or ask.com PART 2 of 2

DDS.txt

############START LOGFILE###################


DDS (Ver_10-12-12.02) - NTFSx86
Run by dspear at 7:53:04.63 on 2011-01-24
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.382 [GMT -8:00]

AV: TELUS security services Anti-Virus *Disabled/Outdated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: TELUS security services Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\FlexLM\lmgrd.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\FlexLM\lmgrd.exe
C:\Program Files\FlexLM\adskflex.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\dspear.HM\Desktop\dds.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {C709AC25-FF3B-4DCD-BBBC-AFB8B240CE4A} - No File
EB: {32683183-48A0-441B-A342-7C2A440A9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe "
uRun: [RIMDeviceManager] "c:\program files\common files\research in motion\rimdevicemanager\RIMDeviceManager.exe" -RunServer
uRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN
StartupFolder: c:\docume~1\dspear.hm\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\dspear.hm\startm~1\programs\startup\autoru~1\hotsyn~1.lnk - c:\program files\palm\HotSWizard.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imager~1.lnk - c:\program files\nuance\paperport\xdcla.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mbcame~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\vpncli~1.lnk - c:\windows\installer\{4c271126-c295-4828-a901-5910ae0c258b}\Icon3E5562ED7.ico
mPolicies-system: DisableCAD = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_19\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0FCB27D0-3397-498B-ACA6-E881421153AD} - hxxp://www.projectfile.net/planroom/Resources/Help/en/HelpLauncher.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://maps.penticton.ca/PenMAP/mgaxctrl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164211313433
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab
DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://watermark1.snccam.net:8080/program/SonySncRz25View.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E76A19A9-B579-4FF7-8857-7D79B22F8D45} - hxxp://www.projectfile.net/planroom/Resources/BravaClient/en/BravaClientX.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dspear.hm\applic~1\mozilla\firefox\profiles\default.dzh\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://news.yahoo.com/
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_19\bin\NPJPI150_19.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\telus\telus security advisor\nprpspa.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Mozilla Archive Format: {7f57cf46-4467-4c2d-adfa-0cba7c507e54} - %profile%\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext

============= SERVICES / DRIVERS ===============

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-12-13 25608]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\lsoft technologies inc\active@ hard disk monitor\DiskMonitorService.exe [2010-2-8 1127944]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-11 14336]
R2 FlexLM 1;FlexLM 1;c:\program files\flexlm\lmgrd.exe [2007-7-9 962560]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\telus\telus security services\avg\identity protection\agent\bin\AVGIDSAgent.exe [2010-12-13 5832712]
R2 SpPortEx;Samsung Port Exclusion;c:\windows\system32\drivers\SpPortEx.sys [2006-12-12 7168]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2010-12-13 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2010-12-13 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSShim.sys [2010-12-13 25736]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-4 135664]
S2 Radialpoint Security Services;TELUS security services;c:\program files\telus\telus security services\RpsSecurityAwareR.exe [2010-6-2 166944]
S2 ServicepointService;ServicepointService;c:\program files\telus\telus security advisor\ServicepointService.exe [2011-1-24 689464]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\dspear.hm\my documents\inter-tel\collaboration client 2.0\lkWebLink.exe [2008-2-6 32768]

=============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2011-01-21 15:28:22 -------- d-----w- c:\program files\AskBardis
2011-01-20 22:56:12 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2011-01-19 20:10:36 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2011-01-14 19:05:09 102160 ----a-w- c:\windows\system32\VB6CHT.DLL
2011-01-14 19:04:50 62976 ----a-w- c:\windows\system32\shdocvw.oca
2011-01-14 19:04:44 -------- d-----w- c:\program files\DietJPEG

==================== Find3M ====================

2011-01-24 15:33:36 256 ----a-w- c:\documents and settings\dspear.hm\pool.bin
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-15 20:19:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-08 09:20:24 89088 ----a-w- c:\windows\MBR.exe
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2002-11-21 19:56:50 153600 ----a-w- c:\program files\hdi.exe

============= FINISH: 7:55:14.21 ===============

###############END LOGFILE####################

Attach.txt

^^^^^^^^^^^^START LOGFILE^^^^^^^^^^^^^^^^


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2006-11-17 14:48:03
System Uptime: 2011-01-24 07:30:14 (0 hours ago)

Motherboard: Dell Inc. | | 0HH807
Processor: Intel(R) Pentium(R) D CPU 3.40GHz | Microprocessor | 3391/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 7.32 GiB free.
D: is CDROM ()
Y: is NetworkDisk (NTFS) - 30 GiB total, 6.485 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Direct Parallel
Device ID: ROOT\MS_PTIMINIPORT\0000
Manufacturer: Microsoft
Name: Direct Parallel
PNP Device ID: ROOT\MS_PTIMINIPORT\0000
Service: Raspti

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0002
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0002
Service: CVirtA

==== System Restore Points ===================

RP6: 2010-12-06 14:02:01 - System Checkpoint
RP7: 2010-12-07 16:25:44 - System Checkpoint
RP8: 2010-12-08 16:27:42 - System Checkpoint
RP9: 2010-12-09 17:26:37 - System Checkpoint
RP10: 2010-12-10 18:26:39 - System Checkpoint
RP11: 2010-12-11 19:26:33 - System Checkpoint
RP12: 2010-12-12 20:26:34 - System Checkpoint
RP13: 2010-12-13 20:55:22 - System Checkpoint
RP14: 2010-12-14 20:55:55 - System Checkpoint
RP15: 2010-12-15 21:55:58 - System Checkpoint
RP16: 2010-12-16 22:55:58 - System Checkpoint
RP17: 2010-12-17 23:27:17 - System Checkpoint
RP18: 2010-12-19 00:51:15 - System Checkpoint
RP19: 2010-12-20 01:30:59 - System Checkpoint
RP20: 2010-12-21 02:27:21 - System Checkpoint
RP21: 2010-12-22 03:27:24 - System Checkpoint
RP22: 2010-12-23 04:27:23 - System Checkpoint
RP23: 2010-12-24 05:27:25 - System Checkpoint
RP24: 2010-12-25 06:27:25 - System Checkpoint
RP25: 2010-12-26 07:25:36 - System Checkpoint
RP26: 2010-12-27 07:27:21 - System Checkpoint
RP27: 2010-12-28 08:27:22 - System Checkpoint
RP28: 2010-12-29 09:27:23 - System Checkpoint
RP29: 2010-12-30 11:03:24 - System Checkpoint
RP30: 2010-12-31 11:39:24 - System Checkpoint
RP31: 2011-01-01 12:39:25 - System Checkpoint
RP32: 2011-01-02 13:27:25 - System Checkpoint
RP33: 2011-01-03 13:39:27 - System Checkpoint
RP34: 2011-01-04 16:15:05 - System Checkpoint
RP35: 2011-01-05 16:34:28 - System Checkpoint
RP36: 2011-01-06 07:36:25 - Software Distribution Service 3.0
RP37: 2011-01-07 08:14:44 - System Checkpoint
RP38: 2011-01-08 08:34:51 - System Checkpoint
RP39: 2011-01-09 09:35:00 - System Checkpoint
RP40: 2011-01-10 10:56:50 - System Checkpoint
RP41: 2011-01-11 12:31:26 - System Checkpoint
RP42: 2011-01-12 14:47:49 - System Checkpoint
RP43: 2011-01-13 16:15:54 - System Checkpoint
RP44: 2011-01-14 16:35:05 - System Checkpoint
RP45: 2011-01-15 16:59:03 - System Checkpoint
RP46: 2011-01-16 17:47:05 - System Checkpoint
RP47: 2011-01-17 18:33:27 - System Checkpoint
RP48: 2011-01-18 19:33:54 - System Checkpoint
RP49: 2011-01-19 12:09:57 - Removed Java(TM) 6 Update 22
RP50: 2011-01-20 12:48:42 - System Checkpoint
RP51: 2011-01-21 10:40:46 - OTL Restore Point
RP52: 2011-01-22 11:29:33 - System Checkpoint
RP53: 2011-01-23 12:29:34 - System Checkpoint

==== Installed Programs ======================

Active@ Hard Disk Monitor
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Akamai NetSession Interface
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoCAD Civil 3D Land Desktop Companion 2008
AutoCAD Civil 3D Land Desktop Companion 2008 SP2
Autodesk Design Review 2011
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Azureus
BlackBerry Desktop Software 4.3
BlackBerry Device Software Updater
BlackBerry Device Software v4.5.0 for the BlackBerry 8130 smartphone
Bonjour
Broadcom Advanced Control Suite
Brother MFL-Pro Suite MFC-6490CW
BufferChm
CDex extraction audio
Cisco SDM
Cisco Systems VPN Client 5.0.03.0530
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Panorama1Config
CrackMem
Critical Update for Windows Media Player 11 (KB959772)
Crystal 11 - HCSS Integration
CueTour
Debugging Tools for Windows
DellTouch
Desktop Currency Converter
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DhcpExplorer 1.1
DietJPEG 1.2.0
Digital Photo Navigator 1.5
DivX Plus DirectShow Filters
DivX Setup
DocProc
DocumentViewer
DocumentViewerQFolder
DWG TrueView 2007
DWG TrueView 2011
eSupportQFolder
Everio MediaBrowser
Exact Audio Copy 0.99pb4
Explorer Contract Manager.cs Client v6i
ExtractNow
FARO LS 1.1.406.58
FLAC Installer 1.1.3b (remove only)
Folder Size for Windows
Free 3GP Video Converter version 3.7.15
Free Mp3 Wma Converter V 1.91
FreeUndelete
FTP Commander
FullDPAppQFolder
Google Chrome
Google Earth
Google Update Helper
GPL Ghostscript 8.57
GPL Ghostscript Fonts
HCSS - Crystal XI Integration
HeavyBid 2006
HeavyBid 2010.0.1 Install and Update
HeavyBid Lite Standalone 2009 at C:\HeavyBid
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Product Assistant
HP Scanjet 4800 series
HP Solution Center & Imaging Support Tools 5.3
HP Update
hpg4850
HPProductAssistant
Huffyuv AVI lossless video codec (Remove Only)
Image Retriever 7
InstantShareDevices
Intel(R) Graphics Media Accelerator Driver
Intel(R) Processor ID Utility
Inter-Tel Collaboration Client 2.0
Invarion PDF Printer
J2SE Development Kit 5.0 Update 19
J2SE Runtime Environment 5.0 Update 19
J2SE Runtime Environment 5.0 Update 6
JAP
Java 2 Runtime Environment, SE v1.4.2_04
Lizardtech DjVu Control
Logitech Desktop Messenger
Logitech MouseWare 9.79
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 4.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic Power Packs 3.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 6-9 Converter
Microsoft WSE 3.0 Runtime
Monkey's Audio
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 6 Ultra Edition
oggcodecs 0.71.0946
Orban/Coding Technologies AAC/aacPlus Player Pluginâ„¢ 1.0
Paint.NET v3.5.5
Palm Desktop
palmOne
PanoStandAlone
PaperPort Image Printer
PerfectDisk 10 Professional
PhotoGallery
PhotoImpact X3
Power Supply Designer II
PowerISO
Protected Music Converter 1.0.0.10
QuickTime
RandMap
RealPlayer
Roxio Media Manager
RPS CRT
RPS PerfectDiskStub
RPS RpsCore
SafeCast Shared Components
Scan
ScannerCopy
ScanSoft PaperPort 11
SDP Downloader
SearchAssist
Security Task Manager 1.7e
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sentinel System Driver 5.41.1 (32-bit)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
SkinsHP1
SolutionCenter
Sonic_PrimoSDK
Spectrum Analyzer pro Live 2007
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Starry Night Pro Plus 6
Sun Download Manager 2.0 (web)
Sun ODF Plugin for Microsoft Office 1.2
TELUS security advisor 3.7.44
TELUS security services
TMPGEnc 4.0 XPress
TouchCopy
Tweak UI
UltraISO Premium V9.33
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
USB Driver for Panasonic DVC
VBA (2627.01)
VC80CRTRedist - 8.0.50727.4053
Vuze
WebFldrs XP
WebReg
Webshots Desktop
Win2PDF 3.20.1
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WindX V6.20 (Plugin)
WinZip
WMPTagSupportExtender
Xerox Scan Driver
Xerox WC M20 Series PCL 6
Xerox WC M20 Series PS
Xvid 1.2.2 final uninstall

==== Event Viewer Messages From Past Week ========

2011-01-23 23:55:46, error: NETLOGON [5719] - No Domain Controller is available for domain HM due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
2011-01-23 23:55:46, error: NETLOGON [3224] - Changing machine account password for account UPSTAIRS$ failed with the following error: There are currently no logon servers available to service the logon request.
2011-01-21 13:19:52, error: Service Control Manager [7034] - The ServicepointService service terminated unexpectedly. It has done this 1 time(s).
2011-01-21 13:19:52, error: Service Control Manager [7034] - The Sentinel HASP License Manager service terminated unexpectedly. It has done this 1 time(s).
2011-01-21 13:19:52, error: Service Control Manager [7034] - The Folder Size service terminated unexpectedly. It has done this 1 time(s).
2011-01-21 13:19:52, error: Service Control Manager [7034] - The FlexLM 1 service terminated unexpectedly. It has done this 1 time(s).
2011-01-21 13:19:51, error: Service Control Manager [7034] - The TELUS security services Firewall service terminated unexpectedly. It has done this 1 time(s).
2011-01-21 13:19:51, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
2011-01-21 13:19:51, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
2011-01-21 13:19:51, error: Service Control Manager [7034] - The Active@ Disk Monitor service terminated unexpectedly. It has done this 1 time(s).
2011-01-21 10:29:10, error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
2011-01-21 10:28:45, error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).
2011-01-21 10:27:16, error: Service Control Manager [7031] - The Hotspot Shield Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2011-01-21 10:27:08, error: Service Control Manager [7031] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2011-01-20 14:51:06, error: Service Control Manager [7034] - The C-DillaCdaC11BA service terminated unexpectedly. It has done this 1 time(s).
2011-01-19 11:33:12, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
2011-01-17 07:45:20, error: Service Control Manager [7034] - The TELUS security services service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

^^^^^^^^^^^^^^^^END LOGFILE^^^^^^^^^^^^^^^^

 

Thanks. Didn't occur to me to reply to my own post.

 

ComboFix 11-01-24.02 - dspear 2011-01-25 8:46.14.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.522 [GMT -8:00]
Running from: c:\documents and settings\dspear.HM\Desktop\ComboFix.exe
AV: TELUS security services Anti-Virus *Disabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: TELUS security services Firewall *Disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 )))))))))))))))))))))))))))))))
.

2011-01-21 15:28 . 2011-01-21 15:28 -------- d-----w- c:\program files\AskBardis
2011-01-19 20:10 . 2009-05-04 21:15 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2011-01-14 19:05 . 2000-10-02 08:00 102160 ----a-w- c:\windows\system32\VB6CHT.DLL
2011-01-14 19:04 . 2007-01-09 18:17 62976 ----a-w- c:\windows\system32\shdocvw.oca
2011-01-14 19:04 . 2011-01-14 19:04 -------- d-----w- c:\program files\DietJPEG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-24 15:33 . 2008-12-02 21:18 256 ----a-w- c:\documents and settings\dspear.HM\pool.bin
2010-12-21 02:09 . 2010-12-16 19:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2010-12-16 19:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-13 15:19 . 2010-12-13 15:19 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2010-12-13 15:18 . 2010-12-13 15:19 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2010-11-18 18:12 . 2004-08-11 23:12 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-15 20:19 . 2010-11-15 20:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 00:26 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-11 23:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-11 23:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2002-11-21 19:56 . 2002-11-21 19:56 153600 ----a-w- c:\program files\hdi.exe
.

((((((((((((((((((((((((((((( SnapShot_2011-01-20_23.09.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-24 16:06 . 2011-01-24 16:06 16384 c:\windows\temp\Perflib_Perfdata_6bc.dat
+ 2006-11-17 22:44 . 2011-01-24 15:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-11-17 22:44 . 2010-12-17 18:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-01-24 15:37 . 2011-01-24 15:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-12-17 18:30 . 2010-12-17 18:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-03 11:54 . 2011-01-24 15:40 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-03 11:54 . 2010-12-17 18:30 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"RIMDeviceManager "= "c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2008-08-01 1422608]
"Tsa.exe "= "c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2010-12-16 4318520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Tsa.exe "= "c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2010-12-16 4318520]

c:\documents and settings\dspear.HM\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-11-22 45056]

c:\documents and settings\dspear.HM\Start Menu\Programs\Startup\AutorunsDisabled
HotSync Manager.lnk - c:\program files\Palm\HotSWizard.exe [2003-3-21 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Image Retriever.lnk - c:\program files\Nuance\PaperPort\xdcla.exe [2008-2-28 266240]
MBCameraMonitor.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2010-5-14 541976]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2009-8-19 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD "= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@= "Service "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Octoshape Streaming Services "= "c:\documents and settings\dspear.HM\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME> "=
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"PWRISOVM.EXE "=c:\program files\PowerISO\PWRISOVM.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\Common Files\\Research In Motion\\USB Drivers\\BbDevMgr.exe "=
"c:\\Program Files\\Webshots\\Webshots.scr "=
"c:\\Program Files\\WinZip\\WINZIP32.EXE "=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe "=
"c:\\Program Files\\Brother\\Brmfl08g\\FAXRX.exe "=
"c:\\WINDOWS\\system32\\hasplms.exe "=
"c:\\Program Files\\Azureus\\Azureus.exe "=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe "=
"c:\\Program Files\\TELUS\\TELUS security advisor\\ServicepointService.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"54925:UDP "= 54925:UDP:BrotherNetwork Scanner
"3389:TCP "= 3389:TCPxpsp2res.dll,-22009

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-12-13 25608]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2010-02-08 1127944]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2004-08-11 14336]
R2 FlexLM 1;FlexLM 1;c:\program files\FlexLM\lmgrd.exe [2007-07-09 962560]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [2010-12-13 5832712]
R2 SpPortEx;Samsung Port Exclusion;c:\windows\system32\drivers\SpPortEx.sys [2006-12-12 7168]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2010-12-13 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [2010-12-13 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2010-12-13 25736]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 135664]
S2 Radialpoint Security Services;TELUS security services;c:\program files\TELUS\TELUS security services\RpsSecurityAwareR.exe [2010-06-02 166944]
S2 ServicepointService;ServicepointService;c:\program files\TELUS\TELUS security advisor\ServicepointService.exe [2011-01-24 689464]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\dspear.HM\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [2008-02-06 32768]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - A650C0E5
*NewlyCreated* - AC5F6BA2
*Deregistered* - a650c0e5
*Deregistered* - ac5f6ba2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder

2011-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 22:48]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 22:48]

2011-01-25 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-11-18 23:31]

2008-12-04 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-12-02 23:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {0FCB27D0-3397-498B-ACA6-E881421153AD} - hxxp://www.projectfile.net/planroom/Resources/Help/en/HelpLauncher.cab
DPF: {E76A19A9-B579-4FF7-8857-7D79B22F8D45} - hxxp://www.projectfile.net/planroom/Resources/BravaClient/en/BravaClientX.cab
FF - ProfilePath - c:\documents and settings\dspear.HM\Application Data\Mozilla\Firefox\Profiles\default.dzh\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://news.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Mozilla Archive Format: {7f57cf46-4467-4c2d-adfa-0cba7c507e54} - %profile%\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

AddRemove-FreeUndelete - h:\program files\FreeUndelete\GLF213.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-25 08:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101 "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1772)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(1236)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-25 09:04:45
ComboFix-quarantined-files.txt 2011-01-25 17:04
ComboFix2.txt 2011-01-20 23:14
ComboFix3.txt 2010-12-02 15:27
ComboFix4.txt 2010-05-05 16:49
ComboFix5.txt 2011-01-25 16:43

Pre-Run: 7,692,460,032 bytes free
Post-Run: 7,674,007,552 bytes free

- - End Of File - - 492C9ED4D0D7AC5C63DEC02A6C1D1E53

 

As per your request:

ComboFix 10-01-11.04 - dspear 2010-01-12 8:57.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.612 [GMT -8:00]
Running from: c:\documents and settings\dspear.HM\Desktop\ComboFix.exe
AV: TELUS security services Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: TELUS security services Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\$NtUninstallKB922582$\fltlib.dll
c:\windows\$NtUninstallKB922582$\fltmc.exe
c:\windows\$NtUninstallKB922582$\fltmgr.sys
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.exe
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.inf
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.txt
c:\windows\$NtUninstallKB922582$\spuninst\updspapi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPLE_MOBILE_DEVICE
-------\Service_Apple Mobile Device


((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-12 16:45 . 2009-12-30 09:23 3584 ----a-w- c:\documents and settings\dspear.HM\Application Data\Octoshape\Octoshape Streaming Services\toucher-0912302-0-toucher.exe
2010-01-11 19:20 . 2009-12-30 09:23 71960 ----a-w- c:\documents and settings\dspear.HM\Application Data\Octoshape\Octoshape Streaming Services\sua-0912302-0-npoctoshape.dll
2010-01-11 19:20 . 2009-12-30 09:23 416768 ----a-w- c:\documents and settings\dspear.HM\Application Data\Octoshape\Octoshape Streaming Services\sua-0912302-0-libOctoshapeClient.dll
2010-01-11 19:20 . 2009-12-30 09:23 124184 ----a-w- c:\documents and settings\dspear.HM\Application Data\Octoshape\Octoshape Streaming Services\sua-0912302-0-apoctoshape.dll
2010-01-06 23:04 . 2010-01-06 23:07 -------- d-----w- c:\program files\ASPMonitor
2010-01-04 21:19 . 2010-01-04 21:19 -------- d-----w- c:\documents and settings\dspear.HM\Local Settings\Application Data\MindHyve
2010-01-04 21:19 . 2010-01-04 21:19 -------- d-----w- c:\program files\Kludget Engine
2010-01-04 20:55 . 2008-04-26 03:41 218624 ----a-w- c:\windows\system32\dllcache\uxtheme.dll
2010-01-04 19:58 . 2010-01-04 19:58 -------- d-----w- c:\documents and settings\dspear.HM\Local Settings\Application Data\WMTools Downloaded Files
2010-01-04 19:53 . 2010-01-04 19:57 -------- d-----w- c:\program files\RKLauncher
2010-01-04 19:19 . 2010-01-04 19:19 -------- d-----w- C:\CSA 080 standard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 17:03 . 2008-11-26 17:52 44722976 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-12 17:03 . 2008-11-26 17:52 2616608 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-12 16:45 . 2009-11-12 20:42 71960 ----a-w- c:\documents and settings\dspear.HM\Application Data\Mozilla\plugins\npoctoshape.dll
2010-01-12 16:39 . 2007-07-09 16:11 -------- d-----w- c:\program files\FlexLM
2010-01-12 16:38 . 2008-11-26 17:52 247040 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-12 16:38 . 2008-11-26 17:52 601244 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-11 22:36 . 2007-09-14 15:47 -------- d-----w- c:\program files\Monkey's Audio
2010-01-08 21:09 . 2007-01-29 21:58 -------- d-----w- c:\documents and settings\dspear.HM\Application Data\Azureus
2010-01-04 20:06 . 2006-11-22 20:30 -------- d-----w- c:\documents and settings\dspear.HM\Application Data\Webshots
2009-12-21 15:14 . 2008-12-02 21:18 256 ----a-w- c:\documents and settings\dspear.HM\pool.bin
2009-12-17 20:27 . 2008-03-20 19:40 1824 ----a-w- c:\documents and settings\dspear.HM\SDM-2.4-851W-c850-advsecurityk9-mz.124-4.T8.bin
2009-12-17 10:58 . 2006-11-10 03:56 -------- d-----w- c:\program files\Google
2009-12-16 17:55 . 2009-12-03 19:55 -------- d-----w- c:\documents and settings\dspear.HM\Application Data\Download Manager
2009-12-16 17:06 . 2006-11-10 03:56 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-01 17:17 . 2006-12-20 20:31 -------- d-----w- c:\program files\Common Files\Real
2009-12-01 17:17 . 2009-12-01 17:17 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-26 16:15 . 2009-11-25 00:15 -------- d-----w- c:\documents and settings\dspear.HM\Application Data\U3
2009-11-24 23:19 . 2009-11-24 23:19 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-24 22:42 . 2009-11-24 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-11-24 22:41 . 2007-01-29 21:58 -------- d-----w- c:\program files\Azureus
2009-11-24 22:41 . 2009-11-24 22:41 -------- d-----w- c:\program files\AskBarDis
2009-11-17 22:54 . 2009-11-17 22:54 -------- d-----w- c:\program files\Free Audio Pack
2009-11-17 20:34 . 2009-11-17 20:34 -------- d-----w- c:\program files\Xvid
2009-11-17 19:58 . 2008-12-16 22:33 -------- d-----w- c:\program files\DivX
2009-11-17 17:15 . 2009-11-16 22:40 -------- d-----w- c:\documents and settings\dspear.HM\Application Data\AVS4YOU
2009-11-17 17:15 . 2009-11-12 20:42 -------- d-----w- c:\documents and settings\dspear.HM\Application Data\Octoshape
2009-11-16 22:46 . 2009-11-16 22:36 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-16 22:46 . 2009-11-16 22:35 -------- d-----w- c:\program files\AVS4YOU
2009-11-16 22:40 . 2009-11-16 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-11-11 16:09 . 2009-11-11 16:09 45056 ----a-w- c:\documents and settings\dspear.HM\Application Data\Microsoft\Installer\{03976679-72F0-4EA6-9BAD-CDCDF04B06A3}\NewShortcut1_A80EDC6C85754FF6B838BB92A8E49DC5.exe
2009-11-11 16:09 . 2009-11-11 16:09 8966 ----a-r- c:\documents and settings\dspear.HM\Application Data\Microsoft\Installer\{03976679-72F0-4EA6-9BAD-CDCDF04B06A3}\ARPPRODUCTICON.exe
2009-10-29 07:45 . 2004-08-11 23:00 916480 ------w- c:\windows\system32\wininet.dll
2007-07-12 18:45 . 2007-07-12 18:45 10 ----a-w- c:\program files\settings.dat
2002-11-21 19:56 . 2002-11-21 19:56 153600 ----a-w- c:\program files\hdi.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RIMDeviceManager "= "c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2008-08-01 1422608]
"Octoshape Streaming Services "= "c:\documents and settings\dspear.HM\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"Synchronization Manager "= "c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"Acrobat Assistant 7.0 "= "c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"Logitech Utility "= "Logi_MwX.Exe" [2003-11-07 19968]
"Hard Drive Indicator "= "c:\program files\hdi.exe" [2002-11-21 153600]
"RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Tsa.exe "= "c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2008-09-18 3228912]
"PWRISOVM.EXE "= "c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [BU]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-01 198160]
"RKLauncher "= "c:\program files\RKLauncher\RKLauncher.exe" [2005-09-15 368640]

c:\documents and settings\dspear.HM\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-11-22 45056]

c:\documents and settings\dspear.HM\Start Menu\Programs\Startup\AutorunsDisabled
HotSync Manager.lnk - c:\program files\Palm\HotSWizard.exe [2003-3-21 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-2-13 25214]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2009-8-19 6144]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD "= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Octoshape Streaming Services "= "c:\documents and settings\dspear.HM\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME> "=
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"PWRISOVM.EXE "=c:\program files\PowerISO\PWRISOVM.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\Common Files\\Research In Motion\\USB Drivers\\BbDevMgr.exe "=
"c:\\Program Files\\Webshots\\Webshots.scr "=
"c:\\Program Files\\WinZip\\WINZIP32.EXE "=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe "=
"c:\\Program Files\\ASPMonitor\\ASMonitor.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-11-24 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-11-24 234888]
R2 FlexLM 1;FlexLM 1;c:\program files\FlexLM\lmgrd.exe [2007-07-09 962560]
R2 SpPortEx;Samsung Port Exclusion;c:\windows\system32\drivers\SpPortEx.sys [2006-12-12 7168]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 135664]
S3 Radialpoint Security Services;TELUS security services;c:\program files\TELUS\TELUS security services\RpsSecurityAwareR.exe [2008-10-09 96496]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\dspear.HM\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [2008-02-06 32768]
.
Contents of the 'Scheduled Tasks' folder

2010-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 22:48]

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 22:48]

2010-01-12 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-11-18 23:31]

2008-12-04 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-12-02 23:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 127.0.0.1:4001
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\dspear.HM\Application Data\Mozilla\Firefox\Profiles\default.dzh\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://news.yahoo.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\dspear.HM\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_19\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_19\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_19\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_19\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_19\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_19\bin\NPJPI150_19.dll
FF - plugin: c:\program files\Java\jre1.5.0_19\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\TELUS\TELUS security advisor\nprpspa.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 09:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1716)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(3220)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-12 09:06:06
ComboFix-quarantined-files.txt 2010-01-12 17:06

Pre-Run: 6,198,546,432 bytes free
Post-Run: 6,179,811,328 bytes free

- - End Of File - - 8528A3B7330ABAF2A42C87CBC1CEB964