TechSpot

Web Search Engine Redirect activity

By LordMagoo
Jul 10, 2011
  1. As per the various other posts, I appear to have picked up a variety of the infamous Google Redirect virus. The primary behavior is that links clicked from searches in Google open pages other than those indicated by the link. Interestingly, if I close the window that opened and click the original link again it loads the correct page. I'm receiving the same behavior from Yahoo as well.
    I have run my Norton Internet Security, Malwarebytes, and the Microsoft Malicious software removal tool, and the behavior persists.
    I should also note, I have both a desktop and a laptop and recently (3 days ago) moved from one house to another. I did not have any apparent virus at the previous residence on either system, but as soon as I was connected to the wireless internet at the new address and tried running web searches both Laptop and Desktop displayed this behavior.
    I have followed the steps posted at the top of the forum and have the following notes:
    1: Malwarebytes would not update, following window pops up:
    An Error has occurred. Please report this error to our support team.
    PROGRAM_ERROR_UPDATING (11001, 0, Host not found)
    No such host is known

    Malware otherwise runs correctly
    2: GMER and DDS appear to run correctly, but DDS has not presented me with an Attach.txt log, only the dds.txt log.

    I await further instruction before posting the logs I have thus far (in case there's a way I'm missing to get Malware to properly update and the Attach.txt log).
    Thank you in advance for your assistance!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please post as many logs as you can.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. LordMagoo

    LordMagoo TS Rookie Topic Starter Posts: 27

    Thank you. I'm dense, the attach.txt log was just minimized, I was looking for a file on the desktop. Logs follow:
    Malwarebytes log:
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6705

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/10/2011 11:20:29 AM
    mbam-log-2011-07-10 (11-20-29).txt

    Scan type: Quick scan
    Objects scanned: 182110
    Time elapsed: 1 hour(s), 31 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Bad: (213.109.68.247) Good: () -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Bad: (213.109.73.249) Good: () -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA42D562-4E67-45DF-9F9D-927A80054CF8}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (213.109.68.247) Good: () -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA42D562-4E67-45DF-9F9D-927A80054CF8}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (213.109.73.249) Good: () -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    DDS log:
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 11:41:15 on 2011-07-10
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1447 [GMT -4:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\sesinetd.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://srch-us10.hpwis.com/
    uDefault_Page_URL = hxxp://us10.hpwis.com/
    uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
    uSearch Bar = hxxp://srch-us10.hpwis.com/
    mSearch Bar = hxxp://srch-us10.hpwis.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost;*.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
    TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
    EB: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [BackupNotify] "c:\program files\hp\digital imaging\bin\backupnotify.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [CamMonitor] "c:\program files\hp\digital imaging\unload\hpqcmon.exe"
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [LTMSG] LTMSG.exe 7
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [Sunkist2k] "c:\program files\multimedia card reader\shwicon2k.exe"
    mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
    mRun: [Omnipage] "c:\program files\scansoft\omnipagese\opware32.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spamsu~1.lnk - c:\program files\intermute\spamsubtract\SpamSub.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
    uPolicies-explorer: NoThemesTab = 0 (0x0)
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    uPolicies-system: NoColorChoice = 0 (0x0)
    uPolicies-system: NoSizeChoice = 0 (0x0)
    uPolicies-system: NoVisualStyleChoice = 0 (0x0)
    uPolicies-system: NoDispSettingsPage = 0 (0x0)
    IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    LSP: SpSubLSP.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
    DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-2 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-2 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110701.001\BHDrvx86.sys [2011-7-5 810616]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-7-24 93872]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-2 136312]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-22 24652]
    R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2011-7-7 285152]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-16 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110708.032\IDSXpx86.sys [2011-7-9 355256]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110709.002\NAVENG.SYS [2011-7-9 86008]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110709.002\NAVEX15.SYS [2011-7-9 1542392]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-7 136176]
    S2 mrtRate;mrtRate; [x]
    S3 asbp2poa;asbp2poa;\??\c:\docume~1\owner\locals~1\temp\asbp2poa.sys --> c:\docume~1\owner\locals~1\temp\asbp2poa.sys [?]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2011-7-7 642432]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-7 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-1 39984]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-7-7 50704]
    .
    =============== Created Last 30 ================
    .
    2011-07-07 22:59:10 642432 ----a-w- c:\windows\system32\drivers\bcmwlhigh5.sys
    2011-07-07 22:59:04 53299 ----a-w- c:\windows\system32\pthreadVC.dll
    2011-07-07 22:59:04 50704 ----a-w- c:\windows\system32\drivers\npf.sys
    2011-07-07 22:59:04 281104 ----a-w- c:\windows\system32\wpcap.dll
    2011-07-07 22:59:04 100880 ----a-w- c:\windows\system32\Packet.dll
    2011-07-07 22:58:59 -------- d-----w- c:\program files\NETGEAR
    2011-07-07 19:13:47 -------- d-----w- C:\Linksys Driver
    2011-06-15 03:36:07 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    .
    ==================== Find3M ====================
    .
    2011-06-06 20:10:06 398760 ----a-r- c:\windows\system32\cpnprt2.cid
    2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-17 18:15:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-02 23:16:19 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-05-02 23:16:19 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    ============= FINISH: 11:42:46.67 ===============
     
  4. LordMagoo

    LordMagoo TS Rookie Topic Starter Posts: 27

    Attach.txt log:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/12/2004 7:58:12 PM
    System Uptime: 7/10/2011 11:22:42 AM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | 'P4SD-LA'
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 147 GiB total, 2.658 GiB free.
    D: is FIXED (FAT32) - 6 GiB total, 0.931 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP712: 4/12/2011 8:25:25 AM - System Checkpoint
    RP713: 4/13/2011 1:14:00 PM - System Checkpoint
    RP714: 4/15/2011 3:40:42 AM - System Checkpoint
    RP715: 4/16/2011 2:04:12 PM - System Checkpoint
    RP716: 4/17/2011 5:15:03 PM - System Checkpoint
    RP717: 4/18/2011 11:21:28 PM - System Checkpoint
    RP718: 4/19/2011 11:31:46 PM - System Checkpoint
    RP719: 4/21/2011 12:20:31 AM - System Checkpoint
    RP720: 4/22/2011 1:21:29 AM - System Checkpoint
    RP721: 4/23/2011 3:34:19 AM - System Checkpoint
    RP722: 4/24/2011 2:46:02 PM - System Checkpoint
    RP723: 4/26/2011 3:12:25 AM - System Checkpoint
    RP724: 4/27/2011 3:23:37 AM - System Checkpoint
    RP725: 4/28/2011 3:24:11 AM - System Checkpoint
    RP726: 4/29/2011 11:38:17 AM - System Checkpoint
    RP727: 4/30/2011 12:58:00 PM - System Checkpoint
    RP728: 5/1/2011 2:07:45 PM - System Checkpoint
    RP729: 5/2/2011 3:38:33 PM - System Checkpoint
    RP730: 5/3/2011 12:24:08 PM - Software Distribution Service 3.0
    RP731: 5/4/2011 3:42:30 PM - System Checkpoint
    RP732: 5/6/2011 1:50:33 AM - System Checkpoint
    RP733: 5/7/2011 2:44:34 AM - System Checkpoint
    RP734: 5/8/2011 3:20:50 AM - System Checkpoint
    RP735: 5/9/2011 3:22:54 AM - System Checkpoint
    RP736: 5/10/2011 5:20:24 PM - System Checkpoint
    RP737: 5/11/2011 8:51:10 PM - System Checkpoint
    RP738: 5/13/2011 3:25:52 AM - System Checkpoint
    RP739: 5/14/2011 5:14:27 PM - System Checkpoint
    RP740: 5/16/2011 1:39:47 AM - System Checkpoint
    RP741: 5/17/2011 12:42:44 AM - Software Distribution Service 3.0
    RP742: 5/18/2011 3:28:55 AM - System Checkpoint
    RP743: 5/19/2011 3:43:31 AM - System Checkpoint
    RP744: 5/20/2011 2:32:12 PM - System Checkpoint
    RP745: 5/22/2011 3:15:14 AM - System Checkpoint
    RP746: 5/23/2011 3:29:49 AM - System Checkpoint
    RP747: 5/24/2011 10:55:23 AM - System Checkpoint
    RP748: 5/25/2011 4:17:51 PM - System Checkpoint
    RP749: 5/27/2011 1:24:37 AM - System Checkpoint
    RP750: 5/28/2011 3:09:47 AM - System Checkpoint
    RP751: 5/29/2011 2:02:40 PM - System Checkpoint
    RP752: 5/30/2011 3:28:22 PM - System Checkpoint
    RP753: 5/31/2011 4:24:16 PM - System Checkpoint
    RP754: 6/1/2011 7:21:24 PM - System Checkpoint
    RP755: 6/3/2011 3:46:28 AM - System Checkpoint
    RP756: 6/4/2011 4:44:33 AM - System Checkpoint
    RP757: 6/5/2011 6:40:36 AM - System Checkpoint
    RP758: 6/6/2011 6:06:55 PM - System Checkpoint
    RP759: 6/8/2011 2:22:45 AM - System Checkpoint
    RP760: 6/9/2011 5:46:38 AM - System Checkpoint
    RP761: 6/14/2011 2:30:28 AM - System Checkpoint
    RP762: 6/15/2011 4:08:18 AM - System Checkpoint
    RP763: 6/16/2011 4:27:29 AM - System Checkpoint
    RP764: 6/20/2011 1:11:52 AM - System Checkpoint
    RP765: 6/21/2011 12:09:56 PM - System Checkpoint
    RP766: 6/22/2011 8:59:21 AM - Software Distribution Service 3.0
    RP767: 6/23/2011 1:06:53 PM - Removed Linksys Wireless-G USB Network Adapter
    RP768: 6/24/2011 3:11:09 PM - System Checkpoint
    RP769: 6/25/2011 6:36:36 PM - System Checkpoint
    RP770: 6/26/2011 6:55:53 PM - System Checkpoint
    RP771: 6/27/2011 7:55:52 PM - System Checkpoint
    RP772: 6/29/2011 4:09:41 AM - Software Distribution Service 3.0
    RP773: 6/30/2011 5:00:39 AM - System Checkpoint
    RP774: 7/2/2011 6:50:06 AM - System Checkpoint
    RP775: 7/3/2011 2:57:46 PM - System Checkpoint
    RP776: 7/5/2011 4:04:00 AM - System Checkpoint
    RP777: 7/7/2011 2:38:36 PM - Installed Linksys Wireless-G USB Network Adapter
    RP778: 7/7/2011 3:32:03 PM - Removed Linksys Wireless-G USB Network Adapter
    RP779: 7/7/2011 3:38:24 PM - Installed Linksys Wireless-G USB Network Adapter
    RP780: 7/7/2011 3:56:44 PM - Unsigned driver install
    RP781: 7/7/2011 3:59:43 PM - Removed Linksys Wireless-G USB Network Adapter
    RP782: 7/7/2011 4:09:20 PM - Installed Linksys Wireless-G USB Network Adapter
    RP783: 7/7/2011 4:21:12 PM - Removed Linksys Wireless-G USB Network Adapter
    RP784: 7/7/2011 4:25:48 PM - Installed Linksys Wireless-G USB Network Adapter
    RP785: 7/7/2011 4:26:48 PM - Unsigned driver install
    RP786: 7/7/2011 5:08:46 PM - Removed Linksys Wireless-G USB Network Adapter
    RP787: 7/7/2011 6:58:58 PM - Installed NETGEAR WNA3100 wireless USB 2.0 adapter
    RP788: 7/7/2011 7:32:50 PM - Restore Operation
    RP789: 7/7/2011 7:39:44 PM - Restore Operation
    RP790: 7/7/2011 7:42:50 PM - Restore Operation
    RP791: 7/7/2011 7:45:46 PM - Restore Operation
    RP792: 7/7/2011 7:48:30 PM - Restore Operation
    RP793: 7/9/2011 5:32:03 AM - System Checkpoint
    RP794: 7/10/2011 7:15:50 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    AC3Filter (remove only)
    Acrobat.com
    Adobe Acrobat 5.0
    Adobe After Effects 7.0
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Premiere Pro
    Adobe Reader 9.4.5
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    AiO_Scan
    AIOMinimal
    AiOSoftware
    Anime Studio Pro 6.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoBase 3
    ArcSoft PhotoStudio 5
    ArcSoft ShowBiz 2
    Autodesk 3ds Max 8
    Autodesk DirectConnect 2.0
    AutoUpdate
    Azureus
    Backburner
    Black & White Creature Isle
    Black and White
    Bonjour
    Copy
    Corel Painter Essentials 2
    Corel Painter Essentials 4
    Coupon Printer for Windows
    CreativeProjects
    Critical Update for Windows Media Player 11 (KB959772)
    Diablo II
    Director
    DivX Codec
    DocProc
    Download Manager 2.3.7
    exPressit S.E. 2.1
    Fax
    GLOBEtrotter FLEXid Drivers
    Google Earth
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Houdini 9.0.747
    hp deskjet 5100
    HP Deskjet Preloaded Printer Drivers
    HP Instant Support
    HP Organize
    HP Photo & Imaging 3.1
    HP Photo and Imaging 2.0 - Photosmart Cameras
    HP Product Detection
    HP PSC & OfficeJet 3.0
    HP Software Update
    HPIZ311
    hpmdtab
    HpSdpAppCoreApp
    HPSystemDiagnostics
    InstantShare
    Intel(R) Extreme Graphics Driver
    IntelliMover Data Transfer Demo
    InterVideo MediaOne Gallery
    InterVideo WinDVD Player
    iTunes
    Java 2 Runtime Environment, SE v1.4.2
    KBD
    Keylight (1.0v4) Demo for Adobe After Effects
    Magic Bullet Suite 2.0
    Magic Bullet Suite 2.1
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Maya 2008
    Maya 2008 Documentation (en_US)
    MechWarrior Vengeance
    Memories Disc Creator 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft IntelliPoint 6.2
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Digital Media Edition
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works 7.0
    Microsoft XML Parser
    Move Media Player
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Multimedia Card Reader
    MUSICMATCH® Jukebox
    Nero 7
    neroxml
    NETGEAR WNA3100 wireless USB 2.0 adapter
    nik Color Efex Pro 2.0 IE
    Norton Internet Security
    Norton Utilities
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    OmniPage SE
    PC-Doctor for Windows
    PhotoGallery
    Photosmart 140,240,7200,7600,7700,7900 Series
    PowerISO
    PrintScreen
    PS2
    PSShortcutsP
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QFolder
    Quicken 2004
    QuickProjects
    QuickTime
    Readme
    RealPlayer
    REALTEK Gigabit and Fast Ethernet NIC Driver
    RecordNow!
    RollerCoaster Tycoon 3
    Safari
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sentinel System Driver
    Sid Meier's Civilization 4
    Sid Meier's Pirates!
    SkinsHP1
    SkinsHP2
    Sonic Update Manager
    Sony Sound Forge 8.0b
    SpamSubtract
    Starcraft
    StarCraft II
    System Requirements Lab
    TrayApp
    UniUploader
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Updates from HP
    Vampire - The Masquerade Bloodlines
    Ventrilo Client
    VideoLAN VLC media player 0.8.6f
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Vue 6 xStream 32bit
    Wacom Tablet
    Warcraft III: All Products
    Water 1.03. for Adobe After Effects
    WD Diagnostics
    WeatherBug
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    World of Warcraft
    ZBrush3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/7/2011 4:23:33 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
    7/7/2011 3:47:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NIS service.
    7/7/2011 2:43:28 PM, error: Service Control Manager [7023] - The iPod Service service terminated with the following error: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.
    7/4/2011 2:48:56 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    .
    ==== End Of File ===========================
     
  5. LordMagoo

    LordMagoo TS Rookie Topic Starter Posts: 27

    GMER log:
    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-07-10 11:36:53
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y160P0 rev.YAR41BW0
    Running: w5yw6nh8.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fxldypob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  6. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
  7. LordMagoo

    LordMagoo TS Rookie Topic Starter Posts: 27

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/11/2011 at 00:52 AM

    Application Version : 4.55.1000

    Core Rules Database Version : 7392
    Trace Rules Database Version: 5204

    Scan type : Complete Scan
    Total Scan Time : 09:28:48

    Memory items scanned : 220
    Memory threats detected : 0
    Registry items scanned : 9659
    Registry threats detected : 5
    File items scanned : 224501
    File threats detected : 0

    Rogue.Component/Trace
    HKLM\Software\Microsoft\20DDE9B3
    HKLM\Software\Microsoft\20DDE9B3#20dde9b3
    HKLM\Software\Microsoft\20DDE9B3#Version
    HKLM\Software\Microsoft\20DDE9B3#red_srv
    HKLM\Software\Microsoft\20DDE9B3#red_srv_bckp
     
  8. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Good :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan.

    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. LordMagoo

    LordMagoo TS Rookie Topic Starter Posts: 27

    I did unfortunately have to uninstall and reinstall the netgear wireless program/driver for my USB wireless adapter, as I could not reconnect to the internet after running combofix despite rebooting the system twice, and the already present installation of the netgear wizard would not open. Hope that isn't a drastic issue. Logs follow:

    aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
    Run date: 2011-07-11 12:53:24
    -----------------------------
    12:53:24.171 OS Version: Windows 5.1.2600 Service Pack 3
    12:53:24.171 Number of processors: 2 586 0x303
    12:53:24.171 ComputerName: MAGUS UserName: Owner
    12:53:25.375 Initialize success
    12:54:04.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    12:54:04.781 Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 156334MB BusType: 3
    12:54:06.812 Disk 0 MBR read successfully
    12:54:06.812 Disk 0 MBR scan
    12:54:06.812 Disk 0 unknown MBR code
    12:54:08.812 Disk 0 scanning sectors +320150880
    12:54:08.828 Disk 0 scanning C:\WINDOWS\system32\drivers
    12:54:25.921 Service scanning
    12:54:27.390 Disk 0 trace - called modules:
    12:54:27.406 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    12:54:27.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a76aab8]
    12:54:27.421 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000075[0x8a771f18]
    12:54:27.421 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a752d98]
    12:54:27.437 Scan finished successfully
    12:55:38.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
    12:55:38.968 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

    Combofix log:
    ComboFix 11-07-11.02 - Owner 07/11/2011 13:07:45.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1313 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Owner\WINDOWS
    C:\LHT5C.tmp
    C:\LHT5F.tmp
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\ps2.bat
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-11 17:04 . 2011-07-11 17:04 -------- d-----w- C:\32788R22FWJFW
    2011-07-10 18:56 . 2011-07-10 18:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2011-07-10 18:50 . 2011-07-10 18:50 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2011-07-10 18:50 . 2011-07-10 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-07-10 18:50 . 2011-07-10 18:50 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-07-07 22:59 . 2009-11-06 12:26 642432 ----a-w- c:\windows\system32\drivers\bcmwlhigh5.sys
    2011-07-07 22:58 . 2011-07-07 22:58 -------- d-----w- c:\program files\NETGEAR
    2011-07-07 22:58 . 2011-07-07 22:58 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
    2011-07-07 19:13 . 2011-07-07 19:13 -------- d-----w- C:\Linksys Driver
    2011-06-15 03:36 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-06 20:10 . 2011-06-06 20:10 398760 ----a-r- c:\windows\system32\cpnprt2.cid
    2011-05-29 13:11 . 2009-03-01 07:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11 . 2009-03-01 07:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-17 18:15 . 2011-05-17 18:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-02 23:16 . 2010-03-29 06:06 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-05-02 23:16 . 2010-03-29 06:06 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-05-02 15:31 . 2004-06-07 18:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2003-11-05 23:24 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2003-10-11 02:22 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2003-11-06 00:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11 . 2003-11-06 00:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2003-11-06 00:06 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LTMSG"="LTMSG.exe 7" [X]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
    "CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
    "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
    "Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-15 139264]
    "mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 53248]
    "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-27 172032]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-31 113664]
    spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 557056]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
    NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-7-7 4577760]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]
    TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2010-11-23 77824]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Warcraft III\\war3.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.2.1-patch-enUS-Downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.2.4-to-1.3.0-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe"=
    "c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe"=
    "c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\CreatureIsle\\CreatureIsle.exe"=
    "c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
    "c:\\WINDOWS\\system32\\mshta.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
    "c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\backburner\\server.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msncall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\e-on software\\Vue 6 xStream\\Application\\Vue 6 xStream.eon"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:WoW
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [5/2/2011 7:16 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [5/2/2011 7:16 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [7/5/2011 4:18 PM 810616]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [7/24/2010 2:44 AM 93872]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [5/2/2011 7:16 PM 136312]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 7:15 PM 130008]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/22/2007 9:24 AM 24652]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [7/7/2011 6:59 PM 642432]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/16/2011 10:09 PM 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110708.032\IDSXpx86.sys [7/9/2011 3:35 AM 355256]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2011 2:06 AM 136176]
    S2 mrtRate;mrtRate; [x]
    S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [7/7/2011 6:59 PM 285152]
    S3 asbp2poa;asbp2poa;\??\c:\docume~1\Owner\LOCALS~1\Temp\asbp2poa.sys --> c:\docume~1\Owner\LOCALS~1\Temp\asbp2poa.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2011 2:06 AM 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/1/2009 3:29 AM 39984]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
    .
    2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-07 06:06]
    .
    2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-07 06:06]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
    mSearch Bar = hxxp://srch-us10.hpwis.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost;*.local
    IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    LSP: SpSubLSP.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-nwiz - nwiz.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-11 13:43
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2556506642-3858498548-2755462736-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:e9,be,6e,46,28,d0,e5,62,4a,08,fa,24,d9,5d,2d,cd,7a,0b,45,06,a4,
    21,d7,b2,a2,e8,8a,2d,3b,db,61,98,04,93,8c,0e,55,2b,56,24,77,c2,5e,33,d6,0f,\
    .
    [HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
    @DACL=
    "DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
    @DACL=
    "CTE_32 Name"="2454371:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{8FB4B813-B786-EE60-C211-419E1497D088}\Version 1.1]
    @DACL=
    "dat"="806585365:{FA6F679B-85DC-7D4C-F168-74E1C5DF5292}"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ôw*]
    "91A14B995DF7C0B42ABAA16065968F3A"="c:\\Program Files\\Alias\\Maya7.0\\presets\\Ashli\\"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
    "91A14B995DF7C0B42ABAA16065968F3A"="c:\\Program Files\\Alias\\Maya7.0\\presets\\Ashli\\"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
    @DACL=
    "DefaultSettings"="2454392:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{8FB4B813-B786-EE60-C211-419E1497D088}\Version 3.x]
    @DACL=
    "dat"="1767914624:{28C6B431-8CF6-BEF0-5E73-3369657830C5}"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
    @DACL=
    "KnownSvcs"="923713937:{3E943347-D974-E669-3DD4-3B4525BDC998}"
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:e9,be,6e,46,28,d0,e5,62,4a,08,fa,24,d9,5d,2d,cd,7a,0b,45,06,a4,
    21,d7,b2,a2,e8,8a,2d,3b,db,61,98,04,93,8c,0e,55,2b,56,24,77,c2,5e,33,d6,0f,\
    .
    [HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{7D663E07-51FC-ED4F-793B-4BC07A7CD4E3}\xga-1\Install*Loc]
    @DACL=
    "{19620715-0001-1211-574574-30001}"="234520645:{BED760B6-4FA2-0B60-80FF-6645A63B552E}"
    .
    [HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
    @DACL=
    "CTE_32 Name"="1:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1000)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'lsass.exe'(1056)
    c:\windows\system32\SpSubLSP.dll
    .
    - - - - - - - > 'explorer.exe'(1340)
    c:\windows\system32\WININET.dll
    c:\windows\system32\tabhook.dll
    c:\program files\ScanSoft\OmniPageSE\ophook32.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\sesinetd.exe
    c:\windows\system32\PSIService.exe
    c:\windows\system32\Tablet.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\LTMSG.exe
    c:\windows\ALCXMNTR.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Microsoft IntelliPoint\dpupdchk.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-11 13:55:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-11 17:55
    .
    Pre-Run: 1,948,917,760 bytes free
    Post-Run: 2,169,835,520 bytes free
    .
    - - End Of File - - 736D7AAB6199F4375F4C5E0112A4316E
     
  10. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    How is redirection?

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. LordMagoo

    LordMagoo TS Rookie Topic Starter Posts: 27

    No luck yet, I'm still getting redirected. Also, I might not have noticed the behavior earlier because as soon as I saw the Google redirection I cut down my browsing activity and focused on finding a fix, but I have noticed, posting here and following some of the forum links, that I'm also getting separate browser windows opening (full screen pop ups behind my active window) occasionally while a new page is loading.
    Scan logs as requested:

    OTL logfile created on: 7/11/2011 8:45:57 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 67.93% Memory free
    2.60 Gb Paging File | 2.15 Gb Available in Paging File | 82.64% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 147.14 Gb Total Space | 1.95 Gb Free Space | 1.33% Space Free | Partition Type: NTFS
    Drive D: | 5.50 Gb Total Space | 0.93 Gb Free Space | 16.91% Space Free | Partition Type: FAT32

    Computer Name: MAGUS | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/11 20:43:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
    PRC - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    PRC - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
    PRC - [2008/05/17 01:18:22 | 002,138,112 | ---- | M] (Side Effects Software Inc.) -- C:\WINDOWS\system32\sesinetd.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2006/07/10 02:10:53 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    PRC - [2005/09/21 14:13:44 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    PRC - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    PRC - [2004/07/13 10:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
    PRC - [2004/07/13 10:45:05 | 000,077,824 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
    PRC - [2003/08/14 21:11:32 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    PRC - [2003/07/14 20:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
    PRC - [2003/07/07 19:50:08 | 000,557,056 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    PRC - [2003/05/23 05:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
    PRC - [2003/03/27 04:34:12 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    PRC - [2002/10/07 10:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
    PRC - [2002/06/03 12:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/11 20:43:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll
    MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
    MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2004/07/13 10:40:28 | 000,044,544 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll
    MOD - [2002/06/03 12:37:50 | 000,167,936 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
    SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
    SRV - [2008/05/17 01:18:22 | 002,138,112 | ---- | M] (Side Effects Software Inc.) [Auto | Running] -- C:\WINDOWS\system32\sesinetd.exe -- (HoudiniLicenseServer)
    SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2006/07/10 02:10:53 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2005/09/21 14:13:44 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -- (mi-raysat_3dsmax8)
    SRV - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2004/07/13 10:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/07 17:01:40 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110708.032\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011/05/19 15:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110701.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/05/17 22:00:02 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110711.018\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/05/17 22:00:01 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110711.018\NAVENG.SYS -- (NAVENG)
    DRV - [2011/05/09 23:16:38 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/05/09 23:16:38 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/05/02 19:16:19 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
    DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
    DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
    DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/21 20:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
    DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
    DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
    DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
    DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
    DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
    DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2007/04/09 08:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
    DRV - [2006/07/09 06:32:25 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
    DRV - [2005/04/13 17:31:30 | 000,239,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
    DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2004/12/06 00:54:32 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/08/04 01:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
    DRV - [2004/04/23 23:43:00 | 000,374,752 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSBGXP.sys -- (PRISM_A02)
    DRV - [2004/02/17 06:49:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/09/03 11:01:22 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2003/08/13 22:50:36 | 000,039,648 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
    DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2003/07/02 02:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2003/06/19 04:59:00 | 000,140,800 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/05/06 18:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2003/04/11 11:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2003/02/20 19:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
    DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
    DRV - [2001/06/04 17:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2001/04/09 09:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)
    DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    IE - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..network.proxy.ftp: ":0"
    FF - prefs.js..network.proxy.gopher: ":0"
    FF - prefs.js..network.proxy.http: ":0"
    FF - prefs.js..network.proxy.no_proxies_on: "localhost"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: ":0"
    FF - prefs.js..network.proxy.ssl: ":0"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/07/09 03:21:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_0_8 [2011/07/11 14:25:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Owner\Application Data\Move Networks [2009/10/22 22:18:41 | 000,000,000 | ---D | M]

    [2008/08/15 19:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vh9wclgl.default\extensions
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
    [2008/03/24 21:21:00 | 002,889,088 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

    O1 HOSTS File: ([2011/07/11 13:42:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
    O3 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O4 - HKLM..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe ()
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
    O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
    O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe ( )
    O4 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
    O4 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutorunsDisabled [2009/01/08 03:32:06 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab (Disney Online Games ActiveX Control)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (SysData Class)
    O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab (Malicious Software Removal Tool)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.247 213.109.73.249
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/10/10 22:32:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2008/08/11 17:47:22 | 000,000,045 | ---- | M] () - D:\autorun.inf.vir -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
    Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/11 20:42:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/07/11 20:14:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/07/11 14:30:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/07/11 14:28:39 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
    [2011/07/11 14:28:39 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
    [2011/07/11 14:28:39 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
    [2011/07/11 14:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNA3100 Smart Wizard
    [2011/07/11 14:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
    [2011/07/11 14:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InstallShield
    [2011/07/11 13:05:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/07/11 13:05:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/07/11 13:05:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/07/11 13:05:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/07/11 13:04:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/07/11 13:04:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/11 13:04:26 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/07/11 12:57:01 | 004,148,094 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/07/11 12:52:09 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/07/10 14:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2011/07/10 14:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/07/10 14:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/07/10 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/07/10 14:49:37 | 011,563,840 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    [2011/07/10 12:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\zfiles
    [2011/07/10 11:39:20 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/07/10 03:09:05 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
    [2011/07/10 00:29:33 | 002,558,968 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NPE.exe
    [2011/07/09 04:54:53 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\23kjasd123.com
    [2011/07/09 04:50:36 | 010,029,056 | ---- | C] (PC Tools Pty Ltd) -- C:\Documents and Settings\Owner\Desktop\HITScan.exe
    [2011/07/07 15:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\LinkSys
    [2011/07/07 15:13:47 | 000,000,000 | ---D | C] -- C:\Linksys Driver
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/11 20:43:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/07/11 20:16:14 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/11 18:35:18 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/07/11 14:32:01 | 000,445,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/07/11 14:32:01 | 000,073,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/07/11 14:28:38 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
    [2011/07/11 14:28:38 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
    [2011/07/11 14:25:37 | 000,272,437 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2011/07/11 14:25:19 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2011/07/11 14:25:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/11 14:25:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/11 14:25:09 | 000,027,903 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
    [2011/07/11 14:25:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/11 14:24:55 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/11 13:42:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/07/11 12:57:16 | 004,148,094 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/07/11 12:55:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
    [2011/07/11 12:52:09 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/07/10 14:50:26 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/07/10 14:49:37 | 011,563,840 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    [2011/07/10 11:39:23 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/07/10 03:09:45 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/10 03:09:22 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
    [2011/07/10 00:29:33 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NPE.exe
    [2011/07/09 04:55:07 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\23kjasd123.com
    [2011/07/09 04:50:36 | 010,029,056 | ---- | M] (PC Tools Pty Ltd) -- C:\Documents and Settings\Owner\Desktop\HITScan.exe
    [2011/07/07 19:12:48 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2011/07/07 16:25:27 | 000,001,383 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
    [2011/07/07 16:09:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/07/07 12:27:20 | 034,106,326 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WUSB54GCv2_wizard_1.0.0.8.0,0.zip
    [2011/07/06 00:02:58 | 000,169,472 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/05 18:29:42 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
    [2011/07/02 06:30:23 | 009,357,586 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tay_Zonday_Chocolate_Rain.mp3
    [2011/06/29 16:54:07 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2011/06/22 09:25:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
  12. LordMagoo

    LordMagoo TS Rookie Topic Starter Posts: 27

    ========== Files Created - No Company Name ==========

    [2011/07/11 14:28:39 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2011/07/11 14:28:38 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
    [2011/07/11 14:28:38 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
    [2011/07/11 13:05:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/07/11 13:05:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/07/11 13:05:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/07/11 13:05:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/07/11 13:05:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/07/11 12:55:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
    [2011/07/11 00:55:40 | 2146,816,000 | -HS- | C] () -- C:\hiberfil.sys
    [2011/07/10 14:50:25 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/07/07 15:28:46 | 034,106,326 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WUSB54GCv2_wizard_1.0.0.8.0,0.zip
    [2011/07/07 14:38:23 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
    [2011/07/02 06:30:13 | 009,357,586 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Tay_Zonday_Chocolate_Rain.mp3
    [2011/01/04 21:57:46 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/01/04 21:52:37 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/11/23 13:48:53 | 000,027,903 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
    [2010/11/23 13:48:41 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
    [2010/11/20 05:02:05 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2010/09/29 04:35:50 | 000,050,864 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/04/30 14:47:56 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/04/07 00:26:05 | 000,030,048 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2010/03/31 20:25:42 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2009/10/05 03:29:41 | 000,000,276 | ---- | C] () -- C:\WINDOWS\TheMatrix.ini
    [2009/06/01 21:26:12 | 000,087,312 | ---- | C] () -- C:\WINDOWS\mws.exe
    [2008/08/15 19:53:38 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/08/15 19:41:16 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/08/15 19:33:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2007/10/12 12:19:30 | 000,005,012 | ---- | C] () -- C:\WINDOWS\System32\hserver.ini
    [2007/06/26 23:36:51 | 000,000,303 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2007/06/26 23:36:45 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
    [2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
    [2007/05/29 20:02:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/02/23 00:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/01/10 08:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
    [2006/12/12 12:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2006/09/22 18:15:57 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2006/08/30 13:51:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/08/30 13:51:27 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/07/09 06:32:25 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
    [2006/07/09 06:32:16 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
    [2006/05/02 01:33:38 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
    [2005/12/16 00:13:59 | 000,003,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2005/10/13 00:58:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2005/10/01 13:34:15 | 000,001,295 | ---- | C] () -- C:\WINDOWS\checkip.dat
    [2005/10/01 13:30:14 | 000,001,297 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
    [2005/08/31 16:26:12 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
    [2005/04/30 13:37:31 | 000,035,190 | ---- | C] () -- C:\WINDOWS\scunin.dat
    [2005/01/20 01:38:28 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2005/01/11 23:37:21 | 000,062,398 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
    [2005/01/01 02:44:11 | 000,000,285 | ---- | C] () -- C:\WINDOWS\vtmb.ini
    [2004/09/10 22:54:23 | 000,001,011 | ---- | C] () -- C:\WINDOWS\vampire.ini
    [2004/08/21 13:03:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/07/19 09:17:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
    [2004/07/11 23:10:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2004/07/11 21:02:12 | 000,000,813 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2004/05/24 16:54:43 | 000,000,085 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
    [2004/05/24 16:54:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
    [2004/05/01 10:24:05 | 000,169,472 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/02/14 18:47:01 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2004/02/14 17:57:00 | 000,007,326 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
    [2004/02/14 17:56:43 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2004/02/12 23:23:54 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2004/02/12 23:23:54 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2004/02/12 23:23:54 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2004/02/12 23:22:40 | 000,038,390 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
    [2004/02/12 21:23:01 | 000,003,655 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2003/11/05 20:06:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/11/05 20:06:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/11/05 20:06:56 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/11/05 20:06:51 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/11/05 20:06:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/11/05 20:06:24 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/11/05 20:06:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/11/05 20:05:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/11/05 20:04:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/10/14 01:41:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/10/14 01:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
    [2003/10/14 01:24:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
    [2003/10/13 18:52:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
    [2003/10/13 18:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
    [2003/10/11 04:15:25 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2003/10/11 01:33:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2003/10/11 01:33:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2003/10/11 01:33:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2003/10/11 01:31:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2003/10/11 01:29:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2003/10/11 01:26:40 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
    [2003/10/11 01:24:47 | 000,030,203 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2003/10/11 01:24:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
    [2003/10/11 01:23:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2003/10/11 01:18:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/10/11 01:07:37 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2003/10/11 00:30:11 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
    [2003/10/11 00:30:06 | 000,018,403 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
    [2003/10/11 00:30:06 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
    [2003/10/11 00:12:25 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
    [2003/10/11 00:12:25 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
    [2003/10/10 23:47:15 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
    [2003/10/10 23:47:15 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
    [2003/10/10 23:39:27 | 000,014,676 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
    [2003/10/10 23:39:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
    [2003/10/10 23:25:30 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2003/10/10 23:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
    [2003/10/10 23:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
    [2003/10/10 23:09:18 | 000,028,768 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
    [2003/10/10 23:09:18 | 000,024,670 | ---- | C] () -- C:\WINDOWS\System32\java.exe
    [2003/10/10 23:05:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/10/10 22:56:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2003/10/10 22:56:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2003/10/10 22:56:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2003/10/10 22:35:14 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/10/10 22:33:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2003/10/10 22:30:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2003/10/10 22:22:28 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/10/10 22:22:15 | 000,445,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/10/10 22:22:15 | 000,073,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/10/10 15:26:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/10/10 15:25:42 | 000,226,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/09/23 04:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/02/27 17:50:00 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll

    ========== LOP Check ==========

    [2003/10/14 01:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\interMute
    [2003/10/11 01:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2006/07/10 02:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2007/05/29 00:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
    [2009/03/01 03:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2007/11/01 22:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2007/11/01 22:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2007/11/01 22:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    [2010/12/22 20:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/01 21:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2011/07/11 20:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/09/29 04:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/04/23 18:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2003/10/14 01:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\interMute
    [2003/10/11 01:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
    [2009/03/01 23:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
    [2005/09/05 19:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atari
    [2011/06/01 17:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
    [2011/06/08 22:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
    [2003/10/14 01:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
    [2005/01/20 01:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
    [2009/06/01 21:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
    [2004/03/15 10:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2008/03/16 15:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lionhead Studios
    [2006/07/09 07:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MayaWebBrowser
    [2010/09/14 00:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
    [2010/08/08 22:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oberon Media
    [2008/06/10 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
    [2006/07/19 11:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
    [2003/10/11 01:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
    [2005/01/20 01:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
    [2010/12/22 20:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smith Micro
    [2006/07/19 11:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
    [2010/02/23 18:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
    [2007/10/03 17:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
    [2006/01/05 11:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2003/10/10 22:32:03 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2004/02/12 20:54:40 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
    [2004/08/25 16:12:39 | 000,000,283 | RHS- | M] () -- C:\boot.ini
    [2002/08/29 15:00:00 | 000,245,920 | RHS- | M] () -- C:\cmldr
    [2011/07/11 13:55:56 | 000,017,265 | ---- | M] () -- C:\ComboFix.txt
    [2003/10/10 22:32:03 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/06/19 22:29:25 | 000,000,130 | ---- | M] () -- C:\debug.txt
    [2006/07/31 19:51:23 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
    [2011/07/11 14:24:55 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/11 20:41:40 | 000,222,823 | ---- | M] () -- C:\hpfr5100.log
    [2008/08/10 21:22:55 | 000,000,164 | ---- | M] () -- C:\install.dat
    [2006/09/22 18:16:02 | 000,001,207 | ---- | M] () -- C:\INSTALL.LOG
    [2003/10/10 22:32:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/06/25 02:00:45 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2003/10/10 22:32:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/02/02 12:02:33 | 000,001,041 | ---- | M] () -- C:\net_save.dna
    [2004/08/25 16:04:30 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/24 05:51:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/07/11 14:24:53 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2008/08/13 19:59:28 | 000,009,078 | ---- | M] () -- C:\smitfiles.txt
    [2008/08/04 22:24:03 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/08/10 13:35:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2008/08/10 13:35:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2008/08/11 20:00:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2008/08/13 19:29:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2008/07/15 22:15:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2008/07/15 22:19:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2008/07/15 23:07:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2008/07/16 00:39:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2008/07/16 18:14:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2008/07/17 22:56:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2008/07/24 19:01:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2008/07/25 20:21:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2008/07/28 19:59:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2008/07/28 22:35:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2008/08/01 19:09:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2008/08/03 14:08:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2008/08/04 21:56:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2008/08/04 22:10:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2008/08/04 22:15:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2008/08/04 22:24:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2008/08/10 13:35:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2008/08/10 13:35:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2008/08/11 20:00:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2008/08/13 19:29:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2008/07/15 22:15:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2008/07/15 22:19:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2008/07/15 23:07:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2008/07/16 00:39:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2008/07/16 18:14:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2008/07/17 22:56:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2008/07/24 19:01:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2008/07/25 20:21:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2008/07/28 19:59:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2008/07/28 22:35:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2008/08/01 19:09:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2008/08/03 14:08:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2008/08/04 21:56:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2008/08/04 22:10:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2008/08/04 22:15:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2011/07/09 04:59:00 | 000,049,970 | ---- | M] () -- C:\TDSSKiller.2.5.9.0_09.07.2011_04.58.16_log.txt
    [2011/07/09 12:45:44 | 000,050,392 | ---- | M] () -- C:\TDSSKiller.2.5.9.0_09.07.2011_12.45.04_log.txt
    [2010/11/03 17:07:30 | 000,001,270 | ---- | M] () -- C:\tracert.txt
    [2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2003/10/10 22:31:38 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 06:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2007/08/18 23:16:44 | 000,549,888 | ---- | M] () -- C:\WINDOWS\TheMatrix.scr
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/07/07 22:04:24 | 000,001,658 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2003/10/10 15:25:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2003/10/10 15:25:03 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2003/10/10 15:25:03 | 000,385,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/24 05:55:19 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2003/10/10 22:53:25 | 000,014,609 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml1.srt
    [2003/10/10 22:53:25 | 000,014,118 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml2.srt
    [2003/10/10 22:53:25 | 000,015,559 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\tempdiff.txt

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2004/08/25 17:26:43 | 000,000,198 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2003/10/10 22:35:02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2009/05/31 18:58:05 | 003,219,456 | ---- | M] (Smith Micro Software, Inc.) -- C:\Documents and Settings\Owner\Desktop\Anime Studio Pro.exe
    [2011/07/11 12:52:09 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/07/11 12:57:16 | 004,148,094 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/07/09 04:50:36 | 010,029,056 | ---- | M] (PC Tools Pty Ltd) -- C:\Documents and Settings\Owner\Desktop\HITScan.exe
    [2011/07/10 03:09:22 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
    [2011/07/10 00:29:33 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NPE.exe
    [2011/07/11 20:43:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/04/03 14:35:56 | 000,231,224 | ---- | M] (Trusteer Ltd.) -- C:\Documents and Settings\Owner\Desktop\RapportSetup.exe
    [2011/07/10 14:49:37 | 011,563,840 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    [2010/07/23 23:05:35 | 091,250,688 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VIPRERescue6624.exe
    [2010/08/23 19:00:50 | 092,176,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VIPRERescue6778.exe
    [2011/07/07 23:09:09 | 013,487,560 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v3.20.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2004/08/25 17:26:43 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/07/11 20:44:25 | 000,360,448 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/08/29 08:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 22:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 22:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/21 01:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/08/29 08:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/08/29 08:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/08/29 08:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 22:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 14:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1998/05/07 19:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:322EAACD
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     
  13. LordMagoo

    LordMagoo TS Rookie Topic Starter Posts: 27

    OTL Extras logfile created on: 7/11/2011 8:45:57 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 67.93% Memory free
    2.60 Gb Paging File | 2.15 Gb Available in Paging File | 82.64% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 147.14 Gb Total Space | 1.95 Gb Free Space | 1.33% Space Free | Partition Type: NTFS
    Drive D: | 5.50 Gb Total Space | 0.93 Gb Free Space | 16.91% Space Free | Partition Type: FAT32

    Computer Name: MAGUS | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3724:TCP" = 3724:TCP:*:Enabled:WoW

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
    "C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-1.2.4-to-1.3.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.2.4-to-1.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 -- ()
    "C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\Lionhead Studios Ltd\Black & White\CreatureIsle\CreatureIsle.exe" = C:\Program Files\Lionhead Studios Ltd\Black & White\CreatureIsle\CreatureIsle.exe:*:Enabled:lh -- (LionHead Studios Ltd.)
    "C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe" = C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh -- (LionHead Studios Ltd.)
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
    "C:\Program Files\Autodesk\3dsMax8\3dsmax.exe" = C:\Program Files\Autodesk\3dsMax8\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8 -- (Autodesk, Inc.)
    "C:\Program Files\Autodesk\backburner\monitor.exe" = C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
    "C:\Program Files\Autodesk\backburner\manager.exe" = C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
    "C:\Program Files\Autodesk\backburner\server.exe" = C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
    "C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
    "C:\Program Files\e-on software\Vue 6 xStream\Application\Vue 6 xStream.eon" = C:\Program Files\e-on software\Vue 6 xStream\Application\Vue 6 xStream.eon:*:Enabled:Vue 6 xStream -- ()
    "C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
    "{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
    "{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
    "{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
    "{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
    "{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
    "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{253CA9FD-36D9-4E02-8EC7-9F17478BF1FF}" = Black & White Creature Isle
    "{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
    "{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
    "{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
    "{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
    "{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
    "{48EB9208-593D-4DC7-B613-9C5A210D87BA}" = Sony Sound Forge 8.0b
    "{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
    "{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
    "{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
    "{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
    "{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
    "{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
    "{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6C70ACE2-6EF2-4F8D-8C4A-78198AA979DD}" = Maya 2008 Documentation (en_US)
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
    "{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
    "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
    "{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
    "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
    "{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
    "{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{B946D46E-1302-48B4-84EE-B74C3191D975}" = Corel Painter Essentials 2
    "{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
    "{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}" = Autodesk DirectConnect 2.0
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
    "{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
    "{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
    "{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
    "{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
    "{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
    "{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
    "{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
    "{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
    "{DA864DC0-0BF2-454B-A6A9-08A45EB97D3B}" = Maya 2008
    "{DBB313D6-4B13-4961-BD5F-673CDA1793CC}" = Autodesk 3ds Max 8
    "{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
    "{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
    "{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
    "{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ311
    "{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
    "{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
    "{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
    "{FCE50DB8-C610-4C42-BE5C-193F46C6F812}" = Windows Live Messenger
    "{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}" = hp deskjet 5100
    "AC3Filter" = AC3Filter (remove only)
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe After Effects 7.0" = Adobe After Effects 7.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Anime Studio Pro_is1" = Anime Studio Pro 6.0
    "Azureus" = Azureus
    "BackWeb-137903 Uninstaller" = Updates from HP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "Diablo II" = Diablo II
    "Download Manager" = Download Manager 2.3.7
    "exPressit S.E. 2.1" = exPressit S.E. 2.1
    "GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
    "Houdini 9.0.747" = Houdini 9.0.747
    "HP Instant Support" = HP Instant Support
    "HP Photo & Imaging" = HP Photo & Imaging 3.1
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
    "InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
    "InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
    "InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
    "Keylight (1.0v4) Demo for Adobe After Effects" = Keylight (1.0v4) Demo for Adobe After Effects
    "Magic Bullet Suite 2.0" = Magic Bullet Suite 2.0
    "Magic Bullet Suite 2.1" = Magic Bullet Suite 2.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "MechWarrior Vengeance" = MechWarrior Vengeance
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "nik Color Efex Pro 2.0 IE" = nik Color Efex Pro 2.0 IE
    "NIS" = Norton Internet Security
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Norton Utilities_is1" = Norton Utilities
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "PowerISO" = PowerISO
    "PS2" = PS2
    "Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
    "Python 2.2.1" = Python 2.2.1
    "Rainbow Sentinel Driver" = Sentinel System Driver
    "RealPlayer 6.0" = RealPlayer
    "SpamSubtract" = SpamSubtract
    "Starcraft" = Starcraft
    "StarCraft II" = StarCraft II
    "SystemRequirementsLab" = System Requirements Lab
    "UniUploader" = UniUploader
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "Vue 6 xStream 32bit" = Vue 6 xStream 32bit
    "Wacom Tablet Driver" = Wacom Tablet
    "Water v 1.03. for Adobe After Effects_is1" = Water 1.03. for Adobe After Effects
    "WeatherBug" = WeatherBug
    "WildTangent CDA" = WildTangent Web Driver
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "World of Warcraft" = World of Warcraft
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2556506642-3858498548-2755462736-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player
    "Warcraft III" = Warcraft III: All Products

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/27/2011 5:09:17 AM | Computer Name = MAGUS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/10/2011 3:05:33 AM | Computer Name = MAGUS | Source = Application Error | ID = 1000
    Description = Faulting application mbam.exe, version 1.51.0.1074, faulting module
    msvbvm60.dll, version 6.0.98.2, fault address 0x000e450a.

    Error - 7/10/2011 3:05:36 AM | Computer Name = MAGUS | Source = Application Error | ID = 1001
    Description = Fault bucket -1828004515.

    [ System Events ]
    Error - 7/10/2011 3:15:34 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL
    SCDEmu
    SRTSP
    SRTSPX
    SymIRON
    SYMTDI
    Tcpip
    WS2IFSL

    Error - 7/11/2011 12:54:22 AM | Computer Name = MAGUS | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 7/11/2011 12:55:58 AM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 7/11/2011 12:45:52 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 7/11/2011 1:07:11 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7034
    Description = The RaySat_3dsmax8 Server service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 7/11/2011 1:41:36 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 7/11/2011 1:42:12 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7034
    Description = The RaySat_3dsmax8 Server service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 7/11/2011 2:03:05 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 7/11/2011 2:12:08 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 7/11/2011 2:25:13 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2


    < End of report >
     
  14. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Yeah, I can see your DNS has been hijacked by a Ukrainian malicious IP:
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.247 213.109.73.249

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil or a paperclip, until all lights briefly go off and on.
    NOTE. Simply disconnecting the router from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE

    Re-run OTL and post fresh log. Only one log will be produced.
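An added example, not part of the original post and not OTL's own code: a Python check that reads O17 lines like the one quoted above and flags DNS servers that are neither on the local network nor on a list of resolvers you expect. The sample log is constructed (only the first O17 line comes from this thread), and the trusted-resolver list, function names and field names are assumptions to replace with your own.

```python
import ipaddress
import re

# Constructed sample log. Only the first O17 line is taken from the post above;
# the interface GUIDs and the other values are made up for illustration.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.247 213.109.73.249
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000002}: NameServer = 8.8.8.8,203.0.113.53
O4 - HKLM..\Run: [Example] C:\example.exe
"""

# Assumption: resolvers the owner deliberately uses (here Google Public DNS).
TRUSTED_RESOLVERS = frozenset({"8.8.8.8", "8.8.4.4"})

# RFC 1918 and link-local ranges: a resolver here is normally the router itself.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

O17_RE = re.compile(
    r"^\s*O17\s*-\s*(?P<key>HKLM\\[^:]+):\s*"
    r"(?P<name>DhcpNameServer|NameServer)\s*=\s*(?P<value>.*)$",
    re.IGNORECASE,
)


def classify(ip_text, trusted=TRUSTED_RESOLVERS):
    """Return 'invalid', 'loopback', 'local', 'trusted' or 'unexpected'."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and any(ip in net for net in LOCAL_NETS):
        return "local"
    if str(ip) in trusted:
        return "trusted"
    return "unexpected"


def parse_o17(log_text, trusted=TRUSTED_RESOLVERS):
    """Yield one dict per DNS server found in O17 NameServer/DhcpNameServer lines."""
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if not m:
            continue
        key = m.group("key").strip()
        dhcp = m.group("name").lower() == "dhcpnameserver"
        # Values may be separated by spaces or by commas.
        for token in re.split(r"[,\s]+", m.group("value").strip()):
            if token:
                yield {
                    "key": key,
                    "scope": "interface" if "\\interfaces\\" in key.lower() else "global",
                    "source": "dhcp" if dhcp else "static",
                    "server": token,
                    "verdict": classify(token, trusted),
                }


def audit(log_text, trusted=TRUSTED_RESOLVERS):
    """Return entries that need review, with a hint about where the value comes from."""
    flagged = []
    for entry in parse_o17(log_text, trusted):
        if entry["verdict"] in ("unexpected", "invalid", "loopback"):
            # DhcpNameServer is written from the DHCP lease, so every machine
            # on the same router receives it; NameServer is set on this host.
            entry["fix_at"] = ("DHCP server (usually the router)"
                               if entry["source"] == "dhcp"
                               else "adapter settings on this host")
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in audit(SAMPLE_LOG):
        print(f'{e["verdict"]:<10} {e["server"]:<16} {e["source"]:<6} -> check {e["fix_at"]}')
```

An "unexpected" verdict means the address should be compared against the resolvers your ISP or router is supposed to hand out; it is a prompt for review, not proof of compromise.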
     
  15. LordMagoo

    LordMagoo TS Rookie Topic Starter Posts: 27

    Before I go handling the router, is this something that's on the router, or does it just need to be reset?
    The reason I ask is I'm not the only person connecting to the router; there are 3 other laptops as well as the desktop I've been posting and working from that use the same router (and as I mentioned originally, my laptop is showing the same behavior, as is one of the other laptops, though that one is Linux).
    Basically, my concern is: would resetting the router be ineffective if other systems are having problems as well??
     
  16. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    No...............
     
  17. LordMagoo

    LordMagoo TS Rookie Topic Starter Posts: 27

    OK. I was mildly paranoid about that as the router was the only commonality :)
    I'll start going about that now and post the log when it's finished.
    Really appreciate the assistance!
     
  18. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Sure thing :)
     
  19. LordMagoo

    LordMagoo TS Rookie Topic Starter Posts: 27

    OK, not sure I did this 100% correctly. The /release and /renew commands stated that they couldn't do anything, something to do with media being unplugged.
    (I note it looks like they were intended for my Ethernet card, which currently isn't in use as I'm using a USB wireless adapter to connect.)
    I hit the reset button on the router until everything clearly went on and off, though the power indicator light stayed on.

    OTL logfile created on: 7/11/2011 10:20:25 PM - Run 2
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.35% Memory free
    2.60 Gb Paging File | 2.22 Gb Available in Paging File | 85.16% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 147.14 Gb Total Space | 1.92 Gb Free Space | 1.31% Space Free | Partition Type: NTFS
    Drive D: | 5.50 Gb Total Space | 0.93 Gb Free Space | 16.91% Space Free | Partition Type: FAT32

    Computer Name: MAGUS | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/11 20:43:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
    PRC - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    PRC - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
    PRC - [2008/05/17 01:18:22 | 002,138,112 | ---- | M] (Side Effects Software Inc.) -- C:\WINDOWS\system32\sesinetd.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2006/07/10 02:10:53 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    PRC - [2005/09/21 14:13:44 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    PRC - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    PRC - [2004/07/13 10:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
    PRC - [2004/07/13 10:45:05 | 000,077,824 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
    PRC - [2003/08/19 11:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    PRC - [2003/08/14 21:11:32 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    PRC - [2003/07/14 20:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
    PRC - [2003/07/07 19:50:08 | 000,557,056 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    PRC - [2003/05/23 05:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
    PRC - [2003/03/27 04:34:12 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    PRC - [2002/10/07 10:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
    PRC - [2002/06/03 12:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/11 20:43:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll
    MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
    MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2004/07/13 10:40:28 | 000,044,544 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll
    MOD - [2002/06/03 12:37:50 | 000,167,936 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
    SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
    SRV - [2008/05/17 01:18:22 | 002,138,112 | ---- | M] (Side Effects Software Inc.) [Auto | Running] -- C:\WINDOWS\system32\sesinetd.exe -- (HoudiniLicenseServer)
    SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2006/07/10 02:10:53 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2005/09/21 14:13:44 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -- (mi-raysat_3dsmax8)
    SRV - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2004/07/13 10:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/07 17:01:40 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110708.032\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011/05/19 15:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110701.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/05/17 22:00:02 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110711.018\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/05/17 22:00:01 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110711.018\NAVENG.SYS -- (NAVENG)
    DRV - [2011/05/09 23:16:38 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/05/09 23:16:38 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/05/02 19:16:19 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
    DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
    DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
    DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/21 20:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
    DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
    DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
    DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
    DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
    DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
    DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2007/04/09 08:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
    DRV - [2006/07/09 06:32:25 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
    DRV - [2005/04/13 17:31:30 | 000,239,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
    DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2004/12/06 00:54:32 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/08/04 01:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
    DRV - [2004/04/23 23:43:00 | 000,374,752 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSBGXP.sys -- (PRISM_A02)
    DRV - [2004/02/17 06:49:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/09/03 11:01:22 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2003/08/13 22:50:36 | 000,039,648 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
    DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2003/07/02 02:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2003/06/19 04:59:00 | 000,140,800 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/05/06 18:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2003/04/11 11:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2003/02/20 19:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
    DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
    DRV - [2001/06/04 17:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2001/04/09 09:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)
    DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..network.proxy.ftp: ":0"
    FF - prefs.js..network.proxy.gopher: ":0"
    FF - prefs.js..network.proxy.http: ":0"
    FF - prefs.js..network.proxy.no_proxies_on: "localhost"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: ":0"
    FF - prefs.js..network.proxy.ssl: ":0"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/07/09 03:21:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_0_8 [2011/07/11 22:15:07 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Owner\Application Data\Move Networks [2009/10/22 22:18:41 | 000,000,000 | ---D | M]

    [2008/08/15 19:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vh9wclgl.default\extensions
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
    [2008/03/24 21:21:00 | 002,889,088 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

    O1 HOSTS File: ([2011/07/11 13:42:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
    O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O4 - HKLM..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe ()
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
    O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
    O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKCU..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe ( )
    O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutorunsDisabled [2009/01/08 03:32:06 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab (Disney Online Games ActiveX Control)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (SysData Class)
    O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab (Malicious Software Removal Tool)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/10/10 22:32:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2008/08/11 17:47:22 | 000,000,045 | ---- | M] () - D:\autorun.inf.vir -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/11 20:42:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/07/11 20:14:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/07/11 14:28:39 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
    [2011/07/11 14:28:39 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
    [2011/07/11 14:28:39 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
    [2011/07/11 14:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNA3100 Smart Wizard
    [2011/07/11 14:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
    [2011/07/11 14:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InstallShield
    [2011/07/11 13:05:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/07/11 13:05:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/07/11 13:05:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/07/11 13:05:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/07/11 13:04:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/07/11 13:04:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/11 13:04:26 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/07/11 12:57:01 | 004,148,094 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/07/11 12:52:09 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/07/10 14:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2011/07/10 14:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/07/10 14:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/07/10 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/07/10 14:49:37 | 011,563,840 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    [2011/07/10 12:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\zfiles
    [2011/07/10 11:39:20 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/07/10 03:09:05 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
    [2011/07/10 00:29:33 | 002,558,968 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NPE.exe
    [2011/07/09 04:54:53 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\23kjasd123.com
    [2011/07/09 04:50:36 | 010,029,056 | ---- | C] (PC Tools Pty Ltd) -- C:\Documents and Settings\Owner\Desktop\HITScan.exe
    [2011/07/07 15:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\LinkSys
    [2011/07/07 15:13:47 | 000,000,000 | ---D | C] -- C:\Linksys Driver
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/11 22:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/11 22:15:27 | 000,272,437 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2011/07/11 22:15:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/11 22:15:09 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2011/07/11 22:15:05 | 000,027,903 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
    [2011/07/11 22:15:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/11 22:14:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/11 22:14:48 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/11 20:43:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/07/11 18:35:18 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/07/11 14:32:01 | 000,445,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/07/11 14:32:01 | 000,073,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/07/11 14:28:38 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
    [2011/07/11 14:28:38 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
    [2011/07/11 13:42:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/07/11 12:57:16 | 004,148,094 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/07/11 12:55:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
    [2011/07/11 12:52:09 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    [2011/07/10 14:50:26 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/07/10 14:49:37 | 011,563,840 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    [2011/07/10 11:39:23 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/07/10 03:09:45 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/10 03:09:22 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
    [2011/07/10 00:29:33 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NPE.exe
    [2011/07/09 04:55:07 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\23kjasd123.com
    [2011/07/09 04:50:36 | 010,029,056 | ---- | M] (PC Tools Pty Ltd) -- C:\Documents and Settings\Owner\Desktop\HITScan.exe
    [2011/07/07 19:12:48 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2011/07/07 16:25:27 | 000,001,383 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
    [2011/07/07 16:09:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/07/07 12:27:20 | 034,106,326 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WUSB54GCv2_wizard_1.0.0.8.0,0.zip
    [2011/07/06 00:02:58 | 000,169,472 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/05 18:29:42 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
    [2011/07/02 06:30:23 | 009,357,586 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tay_Zonday_Chocolate_Rain.mp3
    [2011/06/29 16:54:07 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2011/06/22 09:25:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
  20. LordMagoo

    LordMagoo TS Rookie Topic Starter Posts: 27

    ========== Files Created - No Company Name ==========

    [2011/07/11 14:28:39 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2011/07/11 14:28:38 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
    [2011/07/11 14:28:38 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
    [2011/07/11 13:05:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/07/11 13:05:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/07/11 13:05:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/07/11 13:05:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/07/11 13:05:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/07/11 12:55:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
    [2011/07/11 00:55:40 | 2146,816,000 | -HS- | C] () -- C:\hiberfil.sys
    [2011/07/10 14:50:25 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/07/07 15:28:46 | 034,106,326 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WUSB54GCv2_wizard_1.0.0.8.0,0.zip
    [2011/07/07 14:38:23 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
    [2011/07/02 06:30:13 | 009,357,586 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Tay_Zonday_Chocolate_Rain.mp3
    [2011/01/04 21:57:46 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/01/04 21:52:37 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/11/23 13:48:53 | 000,027,903 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
    [2010/11/23 13:48:41 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
    [2010/11/20 05:02:05 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2010/09/29 04:35:50 | 000,050,864 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/04/30 14:47:56 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/04/07 00:26:05 | 000,030,048 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2010/03/31 20:25:42 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2009/10/05 03:29:41 | 000,000,276 | ---- | C] () -- C:\WINDOWS\TheMatrix.ini
    [2009/06/01 21:26:12 | 000,087,312 | ---- | C] () -- C:\WINDOWS\mws.exe
    [2008/08/15 19:53:38 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/08/15 19:41:16 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/08/15 19:33:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2007/10/12 12:19:30 | 000,005,012 | ---- | C] () -- C:\WINDOWS\System32\hserver.ini
    [2007/06/26 23:36:51 | 000,000,303 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2007/06/26 23:36:45 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
    [2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
    [2007/05/29 20:02:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/02/23 00:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/01/10 08:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
    [2006/12/12 12:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2006/09/22 18:15:57 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2006/08/30 13:51:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/08/30 13:51:27 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/07/09 06:32:25 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
    [2006/07/09 06:32:16 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
    [2006/05/02 01:33:38 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
    [2005/12/16 00:13:59 | 000,003,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2005/10/13 00:58:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2005/10/01 13:34:15 | 000,001,295 | ---- | C] () -- C:\WINDOWS\checkip.dat
    [2005/10/01 13:30:14 | 000,001,297 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
    [2005/08/31 16:26:12 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
    [2005/04/30 13:37:31 | 000,035,190 | ---- | C] () -- C:\WINDOWS\scunin.dat
    [2005/01/20 01:38:28 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2005/01/11 23:37:21 | 000,062,398 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
    [2005/01/01 02:44:11 | 000,000,285 | ---- | C] () -- C:\WINDOWS\vtmb.ini
    [2004/09/10 22:54:23 | 000,001,011 | ---- | C] () -- C:\WINDOWS\vampire.ini
    [2004/08/21 13:03:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/07/19 09:17:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
    [2004/07/11 23:10:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2004/07/11 21:02:12 | 000,000,813 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2004/05/24 16:54:43 | 000,000,085 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
    [2004/05/24 16:54:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
    [2004/05/01 10:24:05 | 000,169,472 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/02/14 18:47:01 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2004/02/14 17:57:00 | 000,007,326 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
    [2004/02/14 17:56:43 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2004/02/12 23:23:54 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2004/02/12 23:23:54 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2004/02/12 23:23:54 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2004/02/12 23:22:40 | 000,038,390 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
    [2004/02/12 21:23:01 | 000,003,655 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2003/11/05 20:06:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/11/05 20:06:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/11/05 20:06:56 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/11/05 20:06:51 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/11/05 20:06:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/11/05 20:06:24 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/11/05 20:06:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/11/05 20:05:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/11/05 20:04:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/10/14 01:41:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/10/14 01:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
    [2003/10/14 01:24:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
    [2003/10/13 18:52:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
    [2003/10/13 18:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
    [2003/10/11 04:15:25 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2003/10/11 01:33:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2003/10/11 01:33:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2003/10/11 01:33:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2003/10/11 01:31:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2003/10/11 01:29:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2003/10/11 01:26:40 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
    [2003/10/11 01:24:47 | 000,030,203 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2003/10/11 01:24:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
    [2003/10/11 01:23:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2003/10/11 01:18:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/10/11 01:07:37 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2003/10/11 00:30:11 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
    [2003/10/11 00:30:06 | 000,018,403 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
    [2003/10/11 00:30:06 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
    [2003/10/11 00:12:25 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
    [2003/10/11 00:12:25 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
    [2003/10/10 23:47:15 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
    [2003/10/10 23:47:15 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
    [2003/10/10 23:39:27 | 000,014,676 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
    [2003/10/10 23:39:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
    [2003/10/10 23:25:30 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2003/10/10 23:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
    [2003/10/10 23:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
    [2003/10/10 23:09:18 | 000,028,768 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
    [2003/10/10 23:09:18 | 000,024,670 | ---- | C] () -- C:\WINDOWS\System32\java.exe
    [2003/10/10 23:05:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/10/10 22:56:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2003/10/10 22:56:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2003/10/10 22:56:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2003/10/10 22:35:14 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/10/10 22:33:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2003/10/10 22:30:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2003/10/10 22:22:28 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/10/10 22:22:15 | 000,445,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/10/10 22:22:15 | 000,073,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/10/10 15:26:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/10/10 15:25:42 | 000,226,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/09/23 04:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/02/27 17:50:00 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll

    ========== LOP Check ==========

    [2006/07/10 02:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2007/05/29 00:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
    [2009/03/01 03:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2007/11/01 22:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2007/11/01 22:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2007/11/01 22:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    [2010/12/22 20:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/01 21:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2011/07/11 20:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/09/29 04:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/04/23 18:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/03/01 23:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
    [2005/09/05 19:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atari
    [2011/06/01 17:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
    [2011/06/08 22:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
    [2003/10/14 01:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
    [2005/01/20 01:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
    [2009/06/01 21:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
    [2004/03/15 10:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2008/03/16 15:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lionhead Studios
    [2006/07/09 07:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MayaWebBrowser
    [2010/09/14 00:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
    [2010/08/08 22:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oberon Media
    [2008/06/10 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
    [2006/07/19 11:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
    [2003/10/11 01:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
    [2005/01/20 01:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
    [2010/12/22 20:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smith Micro
    [2006/07/19 11:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
    [2010/02/23 18:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
    [2007/10/03 17:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
    [2006/01/05 11:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:322EAACD
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     
  21. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    OK, I can't see your IP settings, so...

    Please download MiniToolBox and run it.

    Checkmark the following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    Click Go and post the result.
     
  22. LordMagoo

    LordMagoo TS Rookie Topic Starter Posts: 27

    MiniToolBox by Farbar
    Ran by Owner (administrator) on 11-07-2011 at 22:44:06
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************


    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= End of IE Proxy Settings ========================

    ========================= FF Proxy Settings: ==============================

    "network.proxy.ftp", ":0"
    "network.proxy.gopher", ":0"
    "network.proxy.http", ":0"
    "network.proxy.no_proxies_on", "localhost"
    "network.proxy.share_proxy_settings", true
    "network.proxy.socks", ":0"
    "network.proxy.ssl", ":0"

    ========================= End of FF Proxy Settings ========================
    =============== Hosts content: ============================================

    127.0.0.1 localhost

    =============== End of Hosts ==============================================

    ================= IP Configuration: =======================================

    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "{4B220660-E01E-4840-80B1-78B3866C6C11}"

    set address name="{4B220660-E01E-4840-80B1-78B3866C6C11}" source=dhcp
    set dns name="{4B220660-E01E-4840-80B1-78B3866C6C11}" source=dhcp register=PRIMARY
    set wins name="{4B220660-E01E-4840-80B1-78B3866C6C11}" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : Magus

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Hybrid

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter {4B220660-E01E-4840-80B1-78B3866C6C11}:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Wireless N-300 USB Adapter WNA3100 - Packet Scheduler Miniport

    Physical Address. . . . . . . . . : C4-3D-C7-CB-ED-ED

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 192.168.1.3

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.1.1

    DHCP Server . . . . . . . . . . . : 192.168.1.1

    DNS Servers . . . . . . . . . . . : 213.109.68.247

    213.109.73.249

    Lease Obtained. . . . . . . . . . : Monday, July 11, 2011 10:17:41 PM

    Lease Expires . . . . . . . . . . : Tuesday, July 12, 2011 10:17:41 PM

    Server: UnKnown
    Address: 213.109.68.247

    Name: google.com
    Addresses: 74.125.115.99, 74.125.115.104, 74.125.115.147, 74.125.115.105
    74.125.115.106, 74.125.115.103



    Pinging google.com [74.125.91.99] with 32 bytes of data:



    Reply from 74.125.91.99: bytes=32 time=50ms TTL=51

    Reply from 74.125.91.99: bytes=32 time=52ms TTL=51



    Ping statistics for 74.125.91.99:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 50ms, Maximum = 52ms, Average = 51ms

    Server: UnKnown
    Address: 213.109.68.247

    Name: yahoo.com
    Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70
    67.195.160.76



    Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



    Reply from 72.30.2.43: bytes=32 time=88ms TTL=53

    Reply from 72.30.2.43: bytes=32 time=87ms TTL=52



    Ping statistics for 72.30.2.43:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 87ms, Maximum = 88ms, Average = 87ms



    Pinging 127.0.0.1 with 32 bytes of data:



    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...c4 3d c7 cb ed ed ...... Wireless N-300 USB Adapter WNA3100 - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    169.254.0.0 255.255.0.0 192.168.1.3 192.168.1.3 20
    192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 25
    192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1 25
    192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 25
    224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 25
    255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 1
    Default Gateway: 192.168.1.1
    ===========================================================================
    Persistent Routes:
    None

    ================= End of IP Configuration =================================
     
  23. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    That bad entry still exists:
    DNS Servers . . . . . . . . . . . : 213.109.68.247

    Re-run MiniToolbox.

    Checkmark the following boxes:
    • Flush DNS
    • Reset FF Proxy Settings
    Click Go and post the result.

    Restart computer.

    Re-run MiniToolbox.

    Checkmark the following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    Click Go and post the result.
     
  24. LordMagoo

    LordMagoo TS Rookie Topic Starter Posts: 27

    MiniToolBox by Farbar
    Ran by Owner (administrator) on 11-07-2011 at 22:59:47
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************


    ================= Flush DNS: ==============================================


    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.


    ================= End of Flush DNS ========================================

    "Reset FF Proxy Settings": Firefox Proxy settings were reset.



    Report 2:
    MiniToolBox by Farbar
    Ran by Owner (administrator) on 11-07-2011 at 23:10:09
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************


    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= End of IE Proxy Settings ========================

    ========================= FF Proxy Settings: ==============================


    ========================= End of FF Proxy Settings ========================

    ================= IP Configuration: =======================================

    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "{4B220660-E01E-4840-80B1-78B3866C6C11}"

    set address name="{4B220660-E01E-4840-80B1-78B3866C6C11}" source=dhcp
    set dns name="{4B220660-E01E-4840-80B1-78B3866C6C11}" source=dhcp register=PRIMARY
    set wins name="{4B220660-E01E-4840-80B1-78B3866C6C11}" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : Magus

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Hybrid

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter {4B220660-E01E-4840-80B1-78B3866C6C11}:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Wireless N-300 USB Adapter WNA3100 - Packet Scheduler Miniport

    Physical Address. . . . . . . . . : C4-3D-C7-CB-ED-ED

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 192.168.1.3

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.1.1

    DHCP Server . . . . . . . . . . . : 192.168.1.1

    DNS Servers . . . . . . . . . . . : 213.109.68.247

    213.109.73.249

    Lease Obtained. . . . . . . . . . : Monday, July 11, 2011 11:03:41 PM

    Lease Expires . . . . . . . . . . : Tuesday, July 12, 2011 11:03:41 PM

    Server: UnKnown
    Address: 213.109.68.247

    Name: google.com
    Addresses: 74.125.115.99, 74.125.115.147, 74.125.115.105, 74.125.115.103
    74.125.115.106, 74.125.115.104



    Pinging google.com [74.125.115.147] with 32 bytes of data:



    Reply from 74.125.115.147: bytes=32 time=56ms TTL=51

    Reply from 74.125.115.147: bytes=32 time=59ms TTL=51



    Ping statistics for 74.125.115.147:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 56ms, Maximum = 59ms, Average = 57ms

    Server: UnKnown
    Address: 213.109.68.247

    Name: yahoo.com
    Addresses: 209.191.122.70, 69.147.125.65, 98.137.149.56, 72.30.2.43
    67.195.160.76



    Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



    Reply from 72.30.2.43: bytes=32 time=85ms TTL=52

    Reply from 72.30.2.43: bytes=32 time=89ms TTL=53



    Ping statistics for 72.30.2.43:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 85ms, Maximum = 89ms, Average = 87ms



    Pinging 127.0.0.1 with 32 bytes of data:



    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...c4 3d c7 cb ed ed ...... Wireless N-300 USB Adapter WNA3100 - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    169.254.0.0 255.255.0.0 192.168.1.3 192.168.1.3 20
    192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 25
    192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1 25
    192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 25
    224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 25
    255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 1
    Default Gateway: 192.168.1.1
    ===========================================================================
    Persistent Routes:
    None

    ================= End of IP Configuration =================================
     
  25. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    It's still there.

    Repeat steps from my reply #23, but after turning the computer off reset your router one more time.
     
Topic Status:
Not open for further replies.
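
The check made by eye in replies #23 and #25 (DHCP-assigned DNS servers that are not the router), written out as an added example; it is not part of the thread or of MiniToolBox. The names `parse_adapter`, `audit_dns` and the `trusted` allowlist are assumptions of this sketch, and the sample block is constructed from the values posted above.

```python
import ipaddress
import re

# Constructed sample: one adapter block trimmed from `ipconfig /all`,
# using the addresses posted in the thread.
SAMPLE = """\
Ethernet adapter {4B220660-E01E-4840-80B1-78B3866C6C11}:

    Dhcp Enabled. . . . . . . . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.3
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 213.109.68.247

                                        213.109.73.249
    Lease Obtained. . . . . . . . . . : Monday, July 11, 2011 10:17:41 PM
"""

# "Label . . . : value" rows; the label must start with a letter, so bare
# continuation addresses and the "{GUID}:" adapter heading do not match.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_adapter(text):
    """Return {label: [values]} for one adapter block."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif last == "DNS Servers" and is_ip(line.strip()):
            fields[last].append(line.strip())  # second resolver on its own line
    return fields

def audit_dns(fields, trusted=frozenset()):
    """List (resolver, origin) for resolvers that are public and not trusted."""
    gateway = fields.get("Default Gateway", [])
    dhcp_on = (fields.get("Dhcp Enabled") or ["No"])[0].lower() == "yes"
    # Lease issued by the gateway itself: the router's settings are the place to look.
    from_router = dhcp_on and gateway and fields.get("DHCP Server") == gateway
    findings = []
    for dns in fields.get("DNS Servers", []):
        if not is_ip(dns) or dns in gateway or dns in trusted:
            continue
        if ipaddress.ip_address(dns).is_private:
            continue
        findings.append((dns, "dhcp-from-gateway" if from_router else "other"))
    return findings

if __name__ == "__main__":
    for dns, origin in audit_dns(parse_adapter(SAMPLE)):
        print(f"unexpected resolver {dns} ({origin})")
```

Pass the resolvers your ISP or organisation actually assigns as `trusted`; a `dhcp-from-gateway` finding that survives a host-side DNS flush points at the router's own DNS settings, which is why the thread moves on to resetting the router.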
