Solved Web Search Engine Redirect activity

[LordMagoo]

As per the various other posts, I appear to have picked up a variety of the infamour Google Redirect virus. The primary behavior is that links clicked from searches in google open pages other than those indicated by the link. Interestingly, if I close the window that opened and click the original link again it loads the correct page. I'm receiving the same behavior from Yahoo as well.
I have run my Norton Internet Security, Malwarebytes, and the Microsoft Malicious software removal tool, and the behavior persists.
I should also note, I have both a desktop and a laptop and recently (3 days ago) moved from one house to another. I did not have any apparent virus at the previous residence on either system, but as soon as I was connected to the wireless internet at the new address and tried running web searches both Laptop and Desktop displayed this behavior.
I have followed the steps posted at the top of the forum and have the following notes:
1: Malwarebytes would not update, following window pops up:
An Error has occurred. Please report this error to our support team.
PROGRAM_ERROR_UPDATING (11001, 0, Host not found)
No such host is known
Malware otherwise runs correctly
2:GMER and DDS appear to run correctly, but DDS has not presented me with an Attach.txt log, only the dds.txt log.

I await further instruction before posting the logs I have thus far (in case there's a way I'm missing to get Malware to properly update and the Attach.txt log).
Thank you in advance for your assistance!

 

[Broni]

Welcome aboard

Please post as many logs as you can.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[LordMagoo]

Thank you. I'm dense, the attach.txt log was just minimized, I was looking for a file on the desktop. logs follow:
Malwarebytes log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/10/2011 11:20:29 AM
mbam-log-2011-07-10 (11-20-29).txt

Scan type: Quick scan
Objects scanned: 182110
Time elapsed: 1 hour(s), 31 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Bad: (213.109.68.247) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Bad: (213.109.73.249) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA42D562-4E67-45DF-9F9D-927A80054CF8}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (213.109.68.247) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA42D562-4E67-45DF-9F9D-927A80054CF8}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (213.109.73.249) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 11:41:15 on 2011-07-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1447 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\sesinetd.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://srch-us10.hpwis.com/
uDefault_Page_URL = hxxp://us10.hpwis.com/
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
uSearch Bar = hxxp://srch-us10.hpwis.com/
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
EB: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BackupNotify] "c:\program files\hp\digital imaging\bin\backupnotify.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CamMonitor] "c:\program files\hp\digital imaging\unload\hpqcmon.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [Sunkist2k] "c:\program files\multimedia card reader\shwicon2k.exe"
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
mRun: [Omnipage] "c:\program files\scansoft\omnipagese\opware32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spamsu~1.lnk - c:\program files\intermute\spamsubtract\SpamSub.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: SpSubLSP.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-2 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110701.001\BHDrvx86.sys [2011-7-5 810616]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-7-24 93872]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-2 136312]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-22 24652]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2011-7-7 285152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-16 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110708.032\IDSXpx86.sys [2011-7-9 355256]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110709.002\NAVENG.SYS [2011-7-9 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110709.002\NAVEX15.SYS [2011-7-9 1542392]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-7 136176]
S2 mrtRate;mrtRate; [x]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\owner\locals~1\temp\asbp2poa.sys --> c:\docume~1\owner\locals~1\temp\asbp2poa.sys [?]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2011-7-7 642432]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-7 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-1 39984]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-7-7 50704]
.
=============== Created Last 30 ================
.
2011-07-07 22:59:10 642432 ----a-w- c:\windows\system32\drivers\bcmwlhigh5.sys
2011-07-07 22:59:04 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2011-07-07 22:59:04 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-07-07 22:59:04 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-07-07 22:59:04 100880 ----a-w- c:\windows\system32\Packet.dll
2011-07-07 22:58:59 -------- d-----w- c:\program files\NETGEAR
2011-07-07 19:13:47 -------- d-----w- C:\Linksys Driver
2011-06-15 03:36:07 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
==================== Find3M ====================
.
2011-06-06 20:10:06 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-17 18:15:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 23:16:19 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-02 23:16:19 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 11:42:46.67 ===============

 

[LordMagoo]

Attach.txt log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/12/2004 7:58:12 PM
System Uptime: 7/10/2011 11:22:42 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 'P4SD-LA'
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 147 GiB total, 2.658 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.931 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP712: 4/12/2011 8:25:25 AM - System Checkpoint
RP713: 4/13/2011 1:14:00 PM - System Checkpoint
RP714: 4/15/2011 3:40:42 AM - System Checkpoint
RP715: 4/16/2011 2:04:12 PM - System Checkpoint
RP716: 4/17/2011 5:15:03 PM - System Checkpoint
RP717: 4/18/2011 11:21:28 PM - System Checkpoint
RP718: 4/19/2011 11:31:46 PM - System Checkpoint
RP719: 4/21/2011 12:20:31 AM - System Checkpoint
RP720: 4/22/2011 1:21:29 AM - System Checkpoint
RP721: 4/23/2011 3:34:19 AM - System Checkpoint
RP722: 4/24/2011 2:46:02 PM - System Checkpoint
RP723: 4/26/2011 3:12:25 AM - System Checkpoint
RP724: 4/27/2011 3:23:37 AM - System Checkpoint
RP725: 4/28/2011 3:24:11 AM - System Checkpoint
RP726: 4/29/2011 11:38:17 AM - System Checkpoint
RP727: 4/30/2011 12:58:00 PM - System Checkpoint
RP728: 5/1/2011 2:07:45 PM - System Checkpoint
RP729: 5/2/2011 3:38:33 PM - System Checkpoint
RP730: 5/3/2011 12:24:08 PM - Software Distribution Service 3.0
RP731: 5/4/2011 3:42:30 PM - System Checkpoint
RP732: 5/6/2011 1:50:33 AM - System Checkpoint
RP733: 5/7/2011 2:44:34 AM - System Checkpoint
RP734: 5/8/2011 3:20:50 AM - System Checkpoint
RP735: 5/9/2011 3:22:54 AM - System Checkpoint
RP736: 5/10/2011 5:20:24 PM - System Checkpoint
RP737: 5/11/2011 8:51:10 PM - System Checkpoint
RP738: 5/13/2011 3:25:52 AM - System Checkpoint
RP739: 5/14/2011 5:14:27 PM - System Checkpoint
RP740: 5/16/2011 1:39:47 AM - System Checkpoint
RP741: 5/17/2011 12:42:44 AM - Software Distribution Service 3.0
RP742: 5/18/2011 3:28:55 AM - System Checkpoint
RP743: 5/19/2011 3:43:31 AM - System Checkpoint
RP744: 5/20/2011 2:32:12 PM - System Checkpoint
RP745: 5/22/2011 3:15:14 AM - System Checkpoint
RP746: 5/23/2011 3:29:49 AM - System Checkpoint
RP747: 5/24/2011 10:55:23 AM - System Checkpoint
RP748: 5/25/2011 4:17:51 PM - System Checkpoint
RP749: 5/27/2011 1:24:37 AM - System Checkpoint
RP750: 5/28/2011 3:09:47 AM - System Checkpoint
RP751: 5/29/2011 2:02:40 PM - System Checkpoint
RP752: 5/30/2011 3:28:22 PM - System Checkpoint
RP753: 5/31/2011 4:24:16 PM - System Checkpoint
RP754: 6/1/2011 7:21:24 PM - System Checkpoint
RP755: 6/3/2011 3:46:28 AM - System Checkpoint
RP756: 6/4/2011 4:44:33 AM - System Checkpoint
RP757: 6/5/2011 6:40:36 AM - System Checkpoint
RP758: 6/6/2011 6:06:55 PM - System Checkpoint
RP759: 6/8/2011 2:22:45 AM - System Checkpoint
RP760: 6/9/2011 5:46:38 AM - System Checkpoint
RP761: 6/14/2011 2:30:28 AM - System Checkpoint
RP762: 6/15/2011 4:08:18 AM - System Checkpoint
RP763: 6/16/2011 4:27:29 AM - System Checkpoint
RP764: 6/20/2011 1:11:52 AM - System Checkpoint
RP765: 6/21/2011 12:09:56 PM - System Checkpoint
RP766: 6/22/2011 8:59:21 AM - Software Distribution Service 3.0
RP767: 6/23/2011 1:06:53 PM - Removed Linksys Wireless-G USB Network Adapter
RP768: 6/24/2011 3:11:09 PM - System Checkpoint
RP769: 6/25/2011 6:36:36 PM - System Checkpoint
RP770: 6/26/2011 6:55:53 PM - System Checkpoint
RP771: 6/27/2011 7:55:52 PM - System Checkpoint
RP772: 6/29/2011 4:09:41 AM - Software Distribution Service 3.0
RP773: 6/30/2011 5:00:39 AM - System Checkpoint
RP774: 7/2/2011 6:50:06 AM - System Checkpoint
RP775: 7/3/2011 2:57:46 PM - System Checkpoint
RP776: 7/5/2011 4:04:00 AM - System Checkpoint
RP777: 7/7/2011 2:38:36 PM - Installed Linksys Wireless-G USB Network Adapter
RP778: 7/7/2011 3:32:03 PM - Removed Linksys Wireless-G USB Network Adapter
RP779: 7/7/2011 3:38:24 PM - Installed Linksys Wireless-G USB Network Adapter
RP780: 7/7/2011 3:56:44 PM - Unsigned driver install
RP781: 7/7/2011 3:59:43 PM - Removed Linksys Wireless-G USB Network Adapter
RP782: 7/7/2011 4:09:20 PM - Installed Linksys Wireless-G USB Network Adapter
RP783: 7/7/2011 4:21:12 PM - Removed Linksys Wireless-G USB Network Adapter
RP784: 7/7/2011 4:25:48 PM - Installed Linksys Wireless-G USB Network Adapter
RP785: 7/7/2011 4:26:48 PM - Unsigned driver install
RP786: 7/7/2011 5:08:46 PM - Removed Linksys Wireless-G USB Network Adapter
RP787: 7/7/2011 6:58:58 PM - Installed NETGEAR WNA3100 wireless USB 2.0 adapter
RP788: 7/7/2011 7:32:50 PM - Restore Operation
RP789: 7/7/2011 7:39:44 PM - Restore Operation
RP790: 7/7/2011 7:42:50 PM - Restore Operation
RP791: 7/7/2011 7:45:46 PM - Restore Operation
RP792: 7/7/2011 7:48:30 PM - Restore Operation
RP793: 7/9/2011 5:32:03 AM - System Checkpoint
RP794: 7/10/2011 7:15:50 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
AC3Filter (remove only)
Acrobat.com
Adobe Acrobat 5.0
Adobe After Effects 7.0
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Premiere Pro
Adobe Reader 9.4.5
Adobe Shockwave Player
Adobe Stock Photos 1.0
AiO_Scan
AIOMinimal
AiOSoftware
Anime Studio Pro 6.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
ArcSoft ShowBiz 2
Autodesk 3ds Max 8
Autodesk DirectConnect 2.0
AutoUpdate
Azureus
Backburner
Black & White Creature Isle
Black and White
Bonjour
Copy
Corel Painter Essentials 2
Corel Painter Essentials 4
Coupon Printer for Windows
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
Diablo II
Director
DivX Codec
DocProc
Download Manager 2.3.7
exPressit S.E. 2.1
Fax
GLOBEtrotter FLEXid Drivers
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Houdini 9.0.747
hp deskjet 5100
HP Deskjet Preloaded Printer Drivers
HP Instant Support
HP Organize
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Product Detection
HP PSC & OfficeJet 3.0
HP Software Update
HPIZ311
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo MediaOne Gallery
InterVideo WinDVD Player
iTunes
Java 2 Runtime Environment, SE v1.4.2
KBD
Keylight (1.0v4) Demo for Adobe After Effects
Magic Bullet Suite 2.0
Magic Bullet Suite 2.1
Malwarebytes' Anti-Malware version 1.51.0.1200
Maya 2008
Maya 2008 Documentation (en_US)
MechWarrior Vengeance
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliPoint 6.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 7.0
Microsoft XML Parser
Move Media Player
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Multimedia Card Reader
MUSICMATCH® Jukebox
Nero 7
neroxml
NETGEAR WNA3100 wireless USB 2.0 adapter
nik Color Efex Pro 2.0 IE
Norton Internet Security
Norton Utilities
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OmniPage SE
PC-Doctor for Windows
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
PowerISO
PrintScreen
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
Quicken 2004
QuickProjects
QuickTime
Readme
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
RecordNow!
RollerCoaster Tycoon 3
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sentinel System Driver
Sid Meier's Civilization 4
Sid Meier's Pirates!
SkinsHP1
SkinsHP2
Sonic Update Manager
Sony Sound Forge 8.0b
SpamSubtract
Starcraft
StarCraft II
System Requirements Lab
TrayApp
UniUploader
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Updates from HP
Vampire - The Masquerade Bloodlines
Ventrilo Client
VideoLAN VLC media player 0.8.6f
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Vue 6 xStream 32bit
Wacom Tablet
Warcraft III: All Products
Water 1.03. for Adobe After Effects
WD Diagnostics
WeatherBug
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
World of Warcraft
ZBrush3
.
==== Event Viewer Messages From Past Week ========
.
7/7/2011 4:23:33 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
7/7/2011 3:47:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NIS service.
7/7/2011 2:43:28 PM, error: Service Control Manager [7023] - The iPod Service service terminated with the following error: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.
7/4/2011 2:48:56 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
.
==== End Of File ===========================

 

[LordMagoo]

GMER log:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-10 11:36:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y160P0 rev.YAR41BW0
Running: w5yw6nh8.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fxldypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

 

[Broni]

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
• Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

• Open SUPERAntiSpyware.
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

Post SUPERAntiSpyware log.

 

[LordMagoo]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/11/2011 at 00:52 AM

Application Version : 4.55.1000

Core Rules Database Version : 7392
Trace Rules Database Version: 5204

Scan type : Complete Scan
Total Scan Time : 09:28:48

Memory items scanned : 220
Memory threats detected : 0
Registry items scanned : 9659
Registry threats detected : 5
File items scanned : 224501
File threats detected : 0

Rogue.Component/Trace
HKLM\Software\Microsoft\20DDE9B3
HKLM\Software\Microsoft\20DDE9B3#20dde9b3
HKLM\Software\Microsoft\20DDE9B3#Version
HKLM\Software\Microsoft\20DDE9B3#red_srv
HKLM\Software\Microsoft\20DDE9B3#red_srv_bckp

 

[Broni]

Good

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[LordMagoo]

I did unfortunately have to uninstall and reinstall the netgear wireless program.driver for my USB wireless adapter, as I could not reconnect to the internet after running combofix despite rebooting the system twice, and the allready present installation of the netgear wizard would not open. Hope that isn't a drastic issue. Logs follow:

aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
Run date: 2011-07-11 12:53:24
-----------------------------
12:53:24.171 OS Version: Windows 5.1.2600 Service Pack 3
12:53:24.171 Number of processors: 2 586 0x303
12:53:24.171 ComputerName: MAGUS UserName: Owner
12:53:25.375 Initialize success
12:54:04.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:54:04.781 Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 156334MB BusType: 3
12:54:06.812 Disk 0 MBR read successfully
12:54:06.812 Disk 0 MBR scan
12:54:06.812 Disk 0 unknown MBR code
12:54:08.812 Disk 0 scanning sectors +320150880
12:54:08.828 Disk 0 scanning C:\WINDOWS\system32\drivers
12:54:25.921 Service scanning
12:54:27.390 Disk 0 trace - called modules:
12:54:27.406 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:54:27.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a76aab8]
12:54:27.421 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000075[0x8a771f18]
12:54:27.421 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a752d98]
12:54:27.437 Scan finished successfully
12:55:38.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
12:55:38.968 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Combofix log:
ComboFix 11-07-11.02 - Owner 07/11/2011 13:07:45.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1313 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
C:\LHT5C.tmp
C:\LHT5F.tmp
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\ps2.bat
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 17:04 . 2011-07-11 17:04 -------- d-----w- C:\32788R22FWJFW
2011-07-10 18:56 . 2011-07-10 18:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-07-10 18:50 . 2011-07-10 18:50 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2011-07-10 18:50 . 2011-07-10 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-10 18:50 . 2011-07-10 18:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-07 22:59 . 2009-11-06 12:26 642432 ----a-w- c:\windows\system32\drivers\bcmwlhigh5.sys
2011-07-07 22:58 . 2011-07-07 22:58 -------- d-----w- c:\program files\NETGEAR
2011-07-07 22:58 . 2011-07-07 22:58 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2011-07-07 19:13 . 2011-07-07 19:13 -------- d-----w- C:\Linksys Driver
2011-06-15 03:36 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 20:10 . 2011-06-06 20:10 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-05-29 13:11 . 2009-03-01 07:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2009-03-01 07:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-17 18:15 . 2011-05-17 18:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 23:16 . 2010-03-29 06:06 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-02 23:16 . 2010-03-29 06:06 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-02 15:31 . 2004-06-07 18:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2003-11-05 23:24 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2003-10-11 02:22 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2003-11-06 00:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2003-11-06 00:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2003-11-06 00:06 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-15 139264]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 53248]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-27 172032]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-31 113664]
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 557056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-7-7 4577760]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2010-11-23 77824]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.2.1-patch-enUS-Downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.2.4-to-1.3.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\CreatureIsle\\CreatureIsle.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\e-on software\\Vue 6 xStream\\Application\\Vue 6 xStream.eon"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:WoW
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [5/2/2011 7:16 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [5/2/2011 7:16 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [7/5/2011 4:18 PM 810616]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [7/24/2010 2:44 AM 93872]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [5/2/2011 7:16 PM 136312]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 7:15 PM 130008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/22/2007 9:24 AM 24652]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [7/7/2011 6:59 PM 642432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/16/2011 10:09 PM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110708.032\IDSXpx86.sys [7/9/2011 3:35 AM 355256]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2011 2:06 AM 136176]
S2 mrtRate;mrtRate; [x]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [7/7/2011 6:59 PM 285152]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\Owner\LOCALS~1\Temp\asbp2poa.sys --> c:\docume~1\Owner\LOCALS~1\Temp\asbp2poa.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2011 2:06 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/1/2009 3:29 AM 39984]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-07 06:06]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-07 06:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-nwiz - nwiz.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-11 13:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2556506642-3858498548-2755462736-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:e9,be,6e,46,28,d0,e5,62,4a,08,fa,24,d9,5d,2d,cd,7a,0b,45,06,a4,
21,d7,b2,a2,e8,8a,2d,3b,db,61,98,04,93,8c,0e,55,2b,56,24,77,c2,5e,33,d6,0f,\
.
[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2454371:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{8FB4B813-B786-EE60-C211-419E1497D088}\Version 1.1]
@DACL=
"dat"="806585365:{FA6F679B-85DC-7D4C-F168-74E1C5DF5292}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ôw*]
"91A14B995DF7C0B42ABAA16065968F3A"="c:\\Program Files\\Alias\\Maya7.0\\presets\\Ashli\\"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"91A14B995DF7C0B42ABAA16065968F3A"="c:\\Program Files\\Alias\\Maya7.0\\presets\\Ashli\\"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2454392:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{8FB4B813-B786-EE60-C211-419E1497D088}\Version 3.x]
@DACL=
"dat"="1767914624:{28C6B431-8CF6-BEF0-5E73-3369657830C5}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923713937:{3E943347-D974-E669-3DD4-3B4525BDC998}"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:e9,be,6e,46,28,d0,e5,62,4a,08,fa,24,d9,5d,2d,cd,7a,0b,45,06,a4,
21,d7,b2,a2,e8,8a,2d,3b,db,61,98,04,93,8c,0e,55,2b,56,24,77,c2,5e,33,d6,0f,\
.
[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{7D663E07-51FC-ED4F-793B-4BC07A7CD4E3}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234520645:{BED760B6-4FA2-0B60-80FF-6645A63B552E}"
.
[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="1:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1000)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1056)
c:\windows\system32\SpSubLSP.dll
.
- - - - - - - > 'explorer.exe'(1340)
c:\windows\system32\WININET.dll
c:\windows\system32\tabhook.dll
c:\program files\ScanSoft\OmniPageSE\ophook32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\sesinetd.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\Tablet.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\LTMSG.exe
c:\windows\ALCXMNTR.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-07-11 13:55:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-11 17:55
.
Pre-Run: 1,948,917,760 bytes free
Post-Run: 2,169,835,520 bytes free
.
- - End Of File - - 736D7AAB6199F4375F4C5E0112A4316E

 

[Broni]

How is redirection?

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

============================================================

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[LordMagoo]

No luck yet, I'm still getting redirected. Also, I might not have noticed the behavior earlier because as soon as I saw the google redicrection I cut down my browsing activity trying and focused on finding a fix, but I have noticed posting here and following some of the forum links that I'm also getting seperate browser windows opening (full screen pop ups behind my active window) occasionally while a new page is loading.
scan logs as requested:

OTL logfile created on: 7/11/2011 8:45:57 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 67.93% Memory free
2.60 Gb Paging File | 2.15 Gb Available in Paging File | 82.64% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.14 Gb Total Space | 1.95 Gb Free Space | 1.33% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.93 Gb Free Space | 16.91% Space Free | Partition Type: FAT32

Computer Name: MAGUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/11 20:43:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
PRC - [2008/05/17 01:18:22 | 002,138,112 | ---- | M] (Side Effects Software Inc.) -- C:\WINDOWS\system32\sesinetd.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/07/10 02:10:53 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2005/09/21 14:13:44 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
PRC - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/07/13 10:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2004/07/13 10:45:05 | 000,077,824 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2003/08/14 21:11:32 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2003/07/14 20:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
PRC - [2003/07/07 19:50:08 | 000,557,056 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSub.exe
PRC - [2003/05/23 05:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/03/27 04:34:12 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
PRC - [2002/10/07 10:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/06/03 12:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe


========== Modules (SafeList) ==========

MOD - [2011/07/11 20:43:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/07/13 10:40:28 | 000,044,544 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll
MOD - [2002/06/03 12:37:50 | 000,167,936 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2008/05/17 01:18:22 | 002,138,112 | ---- | M] (Side Effects Software Inc.) [Auto | Running] -- C:\WINDOWS\system32\sesinetd.exe -- (HoudiniLicenseServer)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/07/10 02:10:53 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2005/09/21 14:13:44 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -- (mi-raysat_3dsmax8)
SRV - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/07/13 10:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/07 17:01:40 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110708.032\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/19 15:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110701.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/05/17 22:00:02 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110711.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/17 22:00:01 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110711.018\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/09 23:16:38 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 23:16:38 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/02 19:16:19 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/04/09 08:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/07/09 06:32:25 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2005/04/13 17:31:30 | 000,239,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/12/06 00:54:32 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 01:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/04/23 23:43:00 | 000,374,752 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSBGXP.sys -- (PRISM_A02)
DRV - [2004/02/17 06:49:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/09/03 11:01:22 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/13 22:50:36 | 000,039,648 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/07/02 02:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/19 04:59:00 | 000,140,800 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/05/06 18:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/04/11 11:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/02/20 19:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2001/06/04 17:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/04/09 09:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)
DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
IE - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/07/09 03:21:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_0_8 [2011/07/11 14:25:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Owner\Application Data\Move Networks [2009/10/22 22:18:41 | 000,000,000 | ---D | M]

[2008/08/15 19:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vh9wclgl.default\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2008/03/24 21:21:00 | 002,889,088 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2011/07/11 13:42:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe ( )
O4 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutorunsDisabled [2009/01/08 03:32:06 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2556506642-3858498548-2755462736-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.247 213.109.73.249
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/10 22:32:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/08/11 17:47:22 | 000,000,045 | ---- | M] () - D:\autorun.inf.vir -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/11 20:42:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/07/11 20:14:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/11 14:30:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/07/11 14:28:39 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2011/07/11 14:28:39 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2011/07/11 14:28:39 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2011/07/11 14:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNA3100 Smart Wizard
[2011/07/11 14:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2011/07/11 14:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2011/07/11 13:05:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/11 13:05:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/11 13:05:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/11 13:05:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/11 13:04:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/11 13:04:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/11 13:04:26 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/11 12:57:01 | 004,148,094 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/07/11 12:52:09 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/07/10 14:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2011/07/10 14:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/10 14:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/10 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/10 14:49:37 | 011,563,840 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2011/07/10 12:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\zfiles
[2011/07/10 11:39:20 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/07/10 03:09:05 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/10 00:29:33 | 002,558,968 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NPE.exe
[2011/07/09 04:54:53 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\23kjasd123.com
[2011/07/09 04:50:36 | 010,029,056 | ---- | C] (PC Tools Pty Ltd) -- C:\Documents and Settings\Owner\Desktop\HITScan.exe
[2011/07/07 15:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\LinkSys
[2011/07/07 15:13:47 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/11 20:43:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/07/11 20:16:14 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/11 18:35:18 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/11 14:32:01 | 000,445,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/11 14:32:01 | 000,073,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/11 14:28:38 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
[2011/07/11 14:28:38 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
[2011/07/11 14:25:37 | 000,272,437 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/07/11 14:25:19 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/07/11 14:25:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/11 14:25:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/11 14:25:09 | 000,027,903 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/07/11 14:25:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/11 14:24:55 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/11 13:42:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/11 12:57:16 | 004,148,094 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/07/11 12:55:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/07/11 12:52:09 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/07/10 14:50:26 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/10 14:49:37 | 011,563,840 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2011/07/10 11:39:23 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/07/10 03:09:45 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/10 03:09:22 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/10 00:29:33 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NPE.exe
[2011/07/09 04:55:07 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\23kjasd123.com
[2011/07/09 04:50:36 | 010,029,056 | ---- | M] (PC Tools Pty Ltd) -- C:\Documents and Settings\Owner\Desktop\HITScan.exe
[2011/07/07 19:12:48 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/07/07 16:25:27 | 000,001,383 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2011/07/07 16:09:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/07 12:27:20 | 034,106,326 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WUSB54GCv2_wizard_1.0.0.8.0,0.zip
[2011/07/06 00:02:58 | 000,169,472 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/05 18:29:42 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/07/02 06:30:23 | 009,357,586 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tay_Zonday_Chocolate_Rain.mp3
[2011/06/29 16:54:07 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/22 09:25:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

[LordMagoo]

========== Files Created - No Company Name ==========

[2011/07/11 14:28:39 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/07/11 14:28:38 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
[2011/07/11 14:28:38 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
[2011/07/11 13:05:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/11 13:05:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/11 13:05:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/11 13:05:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/11 13:05:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/11 12:55:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/07/11 00:55:40 | 2146,816,000 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/10 14:50:25 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/07 15:28:46 | 034,106,326 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WUSB54GCv2_wizard_1.0.0.8.0,0.zip
[2011/07/07 14:38:23 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2011/07/02 06:30:13 | 009,357,586 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Tay_Zonday_Chocolate_Rain.mp3
[2011/01/04 21:57:46 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/04 21:52:37 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/23 13:48:53 | 000,027,903 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2010/11/23 13:48:41 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2010/11/20 05:02:05 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/09/29 04:35:50 | 000,050,864 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/30 14:47:56 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/07 00:26:05 | 000,030,048 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2010/03/31 20:25:42 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/10/05 03:29:41 | 000,000,276 | ---- | C] () -- C:\WINDOWS\TheMatrix.ini
[2009/06/01 21:26:12 | 000,087,312 | ---- | C] () -- C:\WINDOWS\mws.exe
[2008/08/15 19:53:38 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/15 19:41:16 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/08/15 19:33:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/10/12 12:19:30 | 000,005,012 | ---- | C] () -- C:\WINDOWS\System32\hserver.ini
[2007/06/26 23:36:51 | 000,000,303 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/06/26 23:36:45 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2007/05/29 20:02:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/23 00:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/10 08:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006/12/12 12:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/09/22 18:15:57 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/08/30 13:51:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/30 13:51:27 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/07/09 06:32:25 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2006/07/09 06:32:16 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2006/05/02 01:33:38 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
[2005/12/16 00:13:59 | 000,003,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/13 00:58:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/10/01 13:34:15 | 000,001,295 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2005/10/01 13:30:14 | 000,001,297 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2005/08/31 16:26:12 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2005/04/30 13:37:31 | 000,035,190 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2005/01/20 01:38:28 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/01/11 23:37:21 | 000,062,398 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2005/01/01 02:44:11 | 000,000,285 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2004/09/10 22:54:23 | 000,001,011 | ---- | C] () -- C:\WINDOWS\vampire.ini
[2004/08/21 13:03:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/19 09:17:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2004/07/11 23:10:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/07/11 21:02:12 | 000,000,813 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/05/24 16:54:43 | 000,000,085 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2004/05/24 16:54:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
[2004/05/01 10:24:05 | 000,169,472 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/14 18:47:01 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2004/02/14 17:57:00 | 000,007,326 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2004/02/14 17:56:43 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/02/12 23:23:54 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/02/12 23:23:54 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/02/12 23:23:54 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2004/02/12 23:22:40 | 000,038,390 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2004/02/12 21:23:01 | 000,003,655 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/11/05 20:06:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/11/05 20:06:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/11/05 20:06:56 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/11/05 20:06:51 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/11/05 20:06:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/11/05 20:06:24 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/11/05 20:06:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/11/05 20:05:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/11/05 20:04:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/10/14 01:41:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/14 01:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/10/14 01:24:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/10/13 18:52:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/10/13 18:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/10/11 04:15:25 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2003/10/11 01:33:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/10/11 01:33:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/10/11 01:33:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/10/11 01:31:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/10/11 01:29:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/10/11 01:26:40 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2003/10/11 01:24:47 | 000,030,203 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/10/11 01:24:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/10/11 01:23:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/10/11 01:18:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/11 01:07:37 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/11 00:30:11 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2003/10/11 00:30:06 | 000,018,403 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2003/10/11 00:30:06 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2003/10/11 00:12:25 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2003/10/11 00:12:25 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2003/10/10 23:47:15 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2003/10/10 23:47:15 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2003/10/10 23:39:27 | 000,014,676 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
[2003/10/10 23:39:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
[2003/10/10 23:25:30 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2003/10/10 23:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/10/10 23:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/10/10 23:09:18 | 000,028,768 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2003/10/10 23:09:18 | 000,024,670 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2003/10/10 23:05:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/10 22:56:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/10/10 22:56:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/10/10 22:56:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/10/10 22:35:14 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/10 22:33:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/10/10 22:30:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/10/10 22:22:28 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/10/10 22:22:15 | 000,445,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/10/10 22:22:15 | 000,073,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/10/10 15:26:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/10 15:25:42 | 000,226,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/09/23 04:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/02/27 17:50:00 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll

========== LOP Check ==========

[2003/10/14 01:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\interMute
[2003/10/11 01:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2006/07/10 02:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2007/05/29 00:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2009/03/01 03:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2007/11/01 22:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/11/01 22:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007/11/01 22:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/12/22 20:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/01 21:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/07/11 20:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/29 04:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/23 18:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2003/10/14 01:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\interMute
[2003/10/11 01:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2009/03/01 23:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2005/09/05 19:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atari
[2011/06/01 17:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2011/06/08 22:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2003/10/14 01:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2005/01/20 01:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2009/06/01 21:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2004/03/15 10:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/03/16 15:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lionhead Studios
[2006/07/09 07:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MayaWebBrowser
[2010/09/14 00:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2010/08/08 22:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oberon Media
[2008/06/10 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2006/07/19 11:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2003/10/11 01:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2005/01/20 01:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2010/12/22 20:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smith Micro
[2006/07/19 11:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2010/02/23 18:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
[2007/10/03 17:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2006/01/05 11:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2003/10/10 22:32:03 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/02/12 20:54:40 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
[2004/08/25 16:12:39 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2002/08/29 15:00:00 | 000,245,920 | RHS- | M] () -- C:\cmldr
[2011/07/11 13:55:56 | 000,017,265 | ---- | M] () -- C:\ComboFix.txt
[2003/10/10 22:32:03 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/06/19 22:29:25 | 000,000,130 | ---- | M] () -- C:\debug.txt
[2006/07/31 19:51:23 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2011/07/11 14:24:55 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/11 20:41:40 | 000,222,823 | ---- | M] () -- C:\hpfr5100.log
[2008/08/10 21:22:55 | 000,000,164 | ---- | M] () -- C:\install.dat
[2006/09/22 18:16:02 | 000,001,207 | ---- | M] () -- C:\INSTALL.LOG
[2003/10/10 22:32:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/25 02:00:45 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2003/10/10 22:32:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/02 12:02:33 | 000,001,041 | ---- | M] () -- C:\net_save.dna
[2004/08/25 16:04:30 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/24 05:51:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/11 14:24:53 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2008/08/13 19:59:28 | 000,009,078 | ---- | M] () -- C:\smitfiles.txt
[2008/08/04 22:24:03 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/08/10 13:35:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/08/10 13:35:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/08/11 20:00:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/08/13 19:29:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/07/15 22:15:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/07/15 22:19:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/07/15 23:07:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/07/16 00:39:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/07/16 18:14:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/07/17 22:56:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/07/24 19:01:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/07/25 20:21:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/07/28 19:59:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/07/28 22:35:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/08/01 19:09:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/08/03 14:08:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/08/04 21:56:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/08/04 22:10:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/08/04 22:15:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/08/04 22:24:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/08/10 13:35:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/08/10 13:35:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/08/11 20:00:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/08/13 19:29:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/07/15 22:15:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/07/15 22:19:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/07/15 23:07:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/07/16 00:39:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/07/16 18:14:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/07/17 22:56:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/07/24 19:01:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/07/25 20:21:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/07/28 19:59:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/07/28 22:35:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/08/01 19:09:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/08/03 14:08:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/08/04 21:56:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/08/04 22:10:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/08/04 22:15:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2011/07/09 04:59:00 | 000,049,970 | ---- | M] () -- C:\TDSSKiller.2.5.9.0_09.07.2011_04.58.16_log.txt
[2011/07/09 12:45:44 | 000,050,392 | ---- | M] () -- C:\TDSSKiller.2.5.9.0_09.07.2011_12.45.04_log.txt
[2010/11/03 17:07:30 | 000,001,270 | ---- | M] () -- C:\tracert.txt
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2003/10/10 22:31:38 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2007/08/18 23:16:44 | 000,549,888 | ---- | M] () -- C:\WINDOWS\TheMatrix.scr
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/07/07 22:04:24 | 000,001,658 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2003/10/10 15:25:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2003/10/10 15:25:03 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003/10/10 15:25:03 | 000,385,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/24 05:55:19 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2003/10/10 22:53:25 | 000,014,609 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml1.srt
[2003/10/10 22:53:25 | 000,014,118 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml2.srt
[2003/10/10 22:53:25 | 000,015,559 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\tempdiff.txt

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/08/25 17:26:43 | 000,000,198 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2003/10/10 22:35:02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/05/31 18:58:05 | 003,219,456 | ---- | M] (Smith Micro Software, Inc.) -- C:\Documents and Settings\Owner\Desktop\Anime Studio Pro.exe
[2011/07/11 12:52:09 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/07/11 12:57:16 | 004,148,094 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/07/09 04:50:36 | 010,029,056 | ---- | M] (PC Tools Pty Ltd) -- C:\Documents and Settings\Owner\Desktop\HITScan.exe
[2011/07/10 03:09:22 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/10 00:29:33 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NPE.exe
[2011/07/11 20:43:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/03 14:35:56 | 000,231,224 | ---- | M] (Trusteer Ltd.) -- C:\Documents and Settings\Owner\Desktop\RapportSetup.exe
[2011/07/10 14:49:37 | 011,563,840 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/07/23 23:05:35 | 091,250,688 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VIPRERescue6624.exe
[2010/08/23 19:00:50 | 092,176,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VIPRERescue6778.exe
[2011/07/07 23:09:09 | 013,487,560 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v3.20.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/08/25 17:26:43 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/07/11 20:44:25 | 000,360,448 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/08/29 08:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 22:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 22:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/21 01:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002/08/29 08:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/08/29 08:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/08/29 08:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 22:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 14:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/05/07 19:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP287FACF
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:322EAACD
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

< End of report >

 

[LordMagoo]

OTL Extras logfile created on: 7/11/2011 8:45:57 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 67.93% Memory free
2.60 Gb Paging File | 2.15 Gb Available in Paging File | 82.64% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.14 Gb Total Space | 1.95 Gb Free Space | 1.33% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.93 Gb Free Space | 16.91% Space Free | Partition Type: FAT32

Computer Name: MAGUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNetisabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNetisabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNetisabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNetisabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:WoW

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.2.4-to-1.3.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.2.4-to-1.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*isabled:BackWeb-137903 -- ()
"C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Lionhead Studios Ltd\Black & White\CreatureIsle\CreatureIsle.exe" = C:\Program Files\Lionhead Studios Ltd\Black & White\CreatureIsle\CreatureIsle.exe:*:Enabled:lh -- (LionHead Studios Ltd.)
"C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe" = C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh -- (LionHead Studios Ltd.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Autodesk\3dsMax8\3dsmax.exe" = C:\Program Files\Autodesk\3dsMax8\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8 -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\backburner\monitor.exe" = C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\backburner\manager.exe" = C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\backburner\server.exe" = C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Program Files\e-on software\Vue 6 xStream\Application\Vue 6 xStream.eon" = C:\Program Files\e-on software\Vue 6 xStream\Application\Vue 6 xStream.eon:*:Enabled:Vue 6 xStream -- ()
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{253CA9FD-36D9-4E02-8EC7-9F17478BF1FF}" = Black & White Creature Isle
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{48EB9208-593D-4DC7-B613-9C5A210D87BA}" = Sony Sound Forge 8.0b
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C70ACE2-6EF2-4F8D-8C4A-78198AA979DD}" = Maya 2008 Documentation (en_US)
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B946D46E-1302-48B4-84EE-B74C3191D975}" = Corel Painter Essentials 2
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}" = Autodesk DirectConnect 2.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{DA864DC0-0BF2-454B-A6A9-08A45EB97D3B}" = Maya 2008
"{DBB313D6-4B13-4961-BD5F-673CDA1793CC}" = Autodesk 3ds Max 8
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ311
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FCE50DB8-C610-4C42-BE5C-193F46C6F812}" = Windows Live Messenger
"{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}" = hp deskjet 5100
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe After Effects 7.0" = Adobe After Effects 7.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Anime Studio Pro_is1" = Anime Studio Pro 6.0
"Azureus" = Azureus
"BackWeb-137903 Uninstaller" = Updates from HP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Diablo II" = Diablo II
"Download Manager" = Download Manager 2.3.7
"exPressit S.E. 2.1" = exPressit S.E. 2.1
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"Houdini 9.0.747" = Houdini 9.0.747
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"Keylight (1.0v4) Demo for Adobe After Effects" = Keylight (1.0v4) Demo for Adobe After Effects
"Magic Bullet Suite 2.0" = Magic Bullet Suite 2.0
"Magic Bullet Suite 2.1" = Magic Bullet Suite 2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MechWarrior Vengeance" = MechWarrior Vengeance
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nik Color Efex Pro 2.0 IE" = nik Color Efex Pro 2.0 IE
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Utilities_is1" = Norton Utilities
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PowerISO" = PowerISO
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 6.0" = RealPlayer
"SpamSubtract" = SpamSubtract
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"SystemRequirementsLab" = System Requirements Lab
"UniUploader" = UniUploader
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Vue 6 xStream 32bit" = Vue 6 xStream 32bit
"Wacom Tablet Driver" = Wacom Tablet
"Water v 1.03. for Adobe After Effects_is1" = Water 1.03. for Adobe After Effects
"WeatherBug" = WeatherBug
"WildTangent CDA" = WildTangent Web Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2556506642-3858498548-2755462736-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/27/2011 5:09:17 AM | Computer Name = MAGUS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/10/2011 3:05:33 AM | Computer Name = MAGUS | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.51.0.1074, faulting module
msvbvm60.dll, version 6.0.98.2, fault address 0x000e450a.

Error - 7/10/2011 3:05:36 AM | Computer Name = MAGUS | Source = Application Error | ID = 1001
Description = Fault bucket -1828004515.

[ System Events ]
Error - 7/10/2011 3:15:34 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL
SCDEmu
SRTSP
SRTSPX
SymIRON
SYMTDI
Tcpip
WS2IFSL

Error - 7/11/2011 12:54:22 AM | Computer Name = MAGUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/11/2011 12:55:58 AM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/11/2011 12:45:52 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/11/2011 1:07:11 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7034
Description = The RaySat_3dsmax8 Server service terminated unexpectedly. It has
done this 1 time(s).

Error - 7/11/2011 1:41:36 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/11/2011 1:42:12 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7034
Description = The RaySat_3dsmax8 Server service terminated unexpectedly. It has
done this 1 time(s).

Error - 7/11/2011 2:03:05 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/11/2011 2:12:08 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/11/2011 2:25:13 PM | Computer Name = MAGUS | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2


< End of report >

 

[Broni]

Yeah, I can see your DNS has been hijacked by Ukrainian malicious IP:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.247 213.109.73.249

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simple router disconnecting from a power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE

Re-run OTL and post fresh log. Only one log will be produced.

 

[LordMagoo]

Before I go handling the router, is this something that's on the router, or does it just need to be reset?
reason I ask is I'm not the only person connecting to the router, there are 3 other laptops as well as the desktop I've been posting and working from that use the same router. (and as I mentioned originally my laptop is showing the same behavior, as is one of the other laptops, though that one is Linux)
Basicly, my concern is would resetting the router be ineffective if other systems are having problems as well??

 

[Broni]

No...............

 

[LordMagoo]

OK. I was mildly paranoid about that as the router was the only commonality
I'll start going about that now, post the log when it's finished.
really appreciate the assistance!

 

[Broni]

Sure thing

 

[LordMagoo]

OK, not sure I did this 100% correctly. the /release and /renew commands stated that they couldn't do anything, something to do with media being unplugged.
(I note it looks like they were intended for my ethernet card which currently isn't in use as I'm using a usb wireless adapter to connect)
I hit the reset button on the router until everything clearly went on and off, though the power indicator light stayed on.

OTL logfile created on: 7/11/2011 10:20:25 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.35% Memory free
2.60 Gb Paging File | 2.22 Gb Available in Paging File | 85.16% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.14 Gb Total Space | 1.92 Gb Free Space | 1.31% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.93 Gb Free Space | 16.91% Space Free | Partition Type: FAT32

Computer Name: MAGUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/11 20:43:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
PRC - [2008/05/17 01:18:22 | 002,138,112 | ---- | M] (Side Effects Software Inc.) -- C:\WINDOWS\system32\sesinetd.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/07/10 02:10:53 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2005/09/21 14:13:44 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
PRC - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/07/13 10:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2004/07/13 10:45:05 | 000,077,824 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2003/08/19 11:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/08/14 21:11:32 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2003/07/14 20:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
PRC - [2003/07/07 19:50:08 | 000,557,056 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSub.exe
PRC - [2003/05/23 05:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/03/27 04:34:12 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
PRC - [2002/10/07 10:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/06/03 12:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe


========== Modules (SafeList) ==========

MOD - [2011/07/11 20:43:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/07/13 10:40:28 | 000,044,544 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll
MOD - [2002/06/03 12:37:50 | 000,167,936 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2008/05/17 01:18:22 | 002,138,112 | ---- | M] (Side Effects Software Inc.) [Auto | Running] -- C:\WINDOWS\system32\sesinetd.exe -- (HoudiniLicenseServer)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/07/10 02:10:53 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2005/09/21 14:13:44 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -- (mi-raysat_3dsmax8)
SRV - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/07/13 10:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/07 17:01:40 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110708.032\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/19 15:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110701.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/05/17 22:00:02 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110711.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/17 22:00:01 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110711.018\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/09 23:16:38 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 23:16:38 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/02 19:16:19 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/04/09 08:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/07/09 06:32:25 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2005/04/13 17:31:30 | 000,239,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/12/06 00:54:32 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 01:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/04/23 23:43:00 | 000,374,752 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSBGXP.sys -- (PRISM_A02)
DRV - [2004/02/17 06:49:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/09/03 11:01:22 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/13 22:50:36 | 000,039,648 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/07/02 02:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/19 04:59:00 | 000,140,800 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/05/06 18:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/04/11 11:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/02/20 19:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2001/06/04 17:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/04/09 09:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)
DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/07/09 03:21:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_0_8 [2011/07/11 22:15:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Owner\Application Data\Move Networks [2009/10/22 22:18:41 | 000,000,000 | ---D | M]

[2008/08/15 19:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vh9wclgl.default\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2008/03/24 21:21:00 | 002,889,088 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2011/07/11 13:42:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe ( )
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutorunsDisabled [2009/01/08 03:32:06 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/10 22:32:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/08/11 17:47:22 | 000,000,045 | ---- | M] () - D:\autorun.inf.vir -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/11 20:42:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/07/11 20:14:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/11 14:28:39 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2011/07/11 14:28:39 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2011/07/11 14:28:39 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2011/07/11 14:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNA3100 Smart Wizard
[2011/07/11 14:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2011/07/11 14:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2011/07/11 13:05:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/11 13:05:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/11 13:05:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/11 13:05:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/11 13:04:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/11 13:04:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/11 13:04:26 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/11 12:57:01 | 004,148,094 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/07/11 12:52:09 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/07/10 14:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2011/07/10 14:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/10 14:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/10 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/10 14:49:37 | 011,563,840 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2011/07/10 12:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\zfiles
[2011/07/10 11:39:20 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/07/10 03:09:05 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/10 00:29:33 | 002,558,968 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NPE.exe
[2011/07/09 04:54:53 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\23kjasd123.com
[2011/07/09 04:50:36 | 010,029,056 | ---- | C] (PC Tools Pty Ltd) -- C:\Documents and Settings\Owner\Desktop\HITScan.exe
[2011/07/07 15:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\LinkSys
[2011/07/07 15:13:47 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/11 22:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/11 22:15:27 | 000,272,437 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/07/11 22:15:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/11 22:15:09 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/07/11 22:15:05 | 000,027,903 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/07/11 22:15:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/11 22:14:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/11 22:14:48 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/11 20:43:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/07/11 18:35:18 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/11 14:32:01 | 000,445,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/11 14:32:01 | 000,073,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/11 14:28:38 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
[2011/07/11 14:28:38 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
[2011/07/11 13:42:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/11 12:57:16 | 004,148,094 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/07/11 12:55:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/07/11 12:52:09 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/07/10 14:50:26 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/10 14:49:37 | 011,563,840 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2011/07/10 11:39:23 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/07/10 03:09:45 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/10 03:09:22 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/10 00:29:33 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NPE.exe
[2011/07/09 04:55:07 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\23kjasd123.com
[2011/07/09 04:50:36 | 010,029,056 | ---- | M] (PC Tools Pty Ltd) -- C:\Documents and Settings\Owner\Desktop\HITScan.exe
[2011/07/07 19:12:48 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/07/07 16:25:27 | 000,001,383 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2011/07/07 16:09:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/07 12:27:20 | 034,106,326 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WUSB54GCv2_wizard_1.0.0.8.0,0.zip
[2011/07/06 00:02:58 | 000,169,472 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/05 18:29:42 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/07/02 06:30:23 | 009,357,586 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tay_Zonday_Chocolate_Rain.mp3
[2011/06/29 16:54:07 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/22 09:25:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

[LordMagoo]

========== Files Created - No Company Name ==========

[2011/07/11 14:28:39 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/07/11 14:28:38 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
[2011/07/11 14:28:38 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
[2011/07/11 13:05:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/11 13:05:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/11 13:05:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/11 13:05:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/11 13:05:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/11 12:55:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/07/11 00:55:40 | 2146,816,000 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/10 14:50:25 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/07 15:28:46 | 034,106,326 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WUSB54GCv2_wizard_1.0.0.8.0,0.zip
[2011/07/07 14:38:23 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2011/07/02 06:30:13 | 009,357,586 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Tay_Zonday_Chocolate_Rain.mp3
[2011/01/04 21:57:46 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/04 21:52:37 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/23 13:48:53 | 000,027,903 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2010/11/23 13:48:41 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2010/11/20 05:02:05 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/09/29 04:35:50 | 000,050,864 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/30 14:47:56 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/07 00:26:05 | 000,030,048 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2010/03/31 20:25:42 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/10/05 03:29:41 | 000,000,276 | ---- | C] () -- C:\WINDOWS\TheMatrix.ini
[2009/06/01 21:26:12 | 000,087,312 | ---- | C] () -- C:\WINDOWS\mws.exe
[2008/08/15 19:53:38 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/15 19:41:16 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/08/15 19:33:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/10/12 12:19:30 | 000,005,012 | ---- | C] () -- C:\WINDOWS\System32\hserver.ini
[2007/06/26 23:36:51 | 000,000,303 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/06/26 23:36:45 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2007/05/29 20:02:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/23 00:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/10 08:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006/12/12 12:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/09/22 18:15:57 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/08/30 13:51:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/30 13:51:27 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/07/09 06:32:25 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2006/07/09 06:32:16 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2006/05/02 01:33:38 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
[2005/12/16 00:13:59 | 000,003,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/13 00:58:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/10/01 13:34:15 | 000,001,295 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2005/10/01 13:30:14 | 000,001,297 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2005/08/31 16:26:12 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2005/04/30 13:37:31 | 000,035,190 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2005/01/20 01:38:28 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/01/11 23:37:21 | 000,062,398 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2005/01/01 02:44:11 | 000,000,285 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2004/09/10 22:54:23 | 000,001,011 | ---- | C] () -- C:\WINDOWS\vampire.ini
[2004/08/21 13:03:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/19 09:17:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2004/07/11 23:10:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/07/11 21:02:12 | 000,000,813 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/05/24 16:54:43 | 000,000,085 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2004/05/24 16:54:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
[2004/05/01 10:24:05 | 000,169,472 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/14 18:47:01 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2004/02/14 17:57:00 | 000,007,326 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2004/02/14 17:56:43 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/02/12 23:23:54 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/02/12 23:23:54 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/02/12 23:23:54 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2004/02/12 23:22:40 | 000,038,390 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2004/02/12 21:23:01 | 000,003,655 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/11/05 20:06:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/11/05 20:06:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/11/05 20:06:56 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/11/05 20:06:51 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/11/05 20:06:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/11/05 20:06:24 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/11/05 20:06:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/11/05 20:05:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/11/05 20:04:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/10/14 01:41:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/14 01:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/10/14 01:24:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/10/13 18:52:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/10/13 18:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/10/11 04:15:25 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2003/10/11 01:33:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/10/11 01:33:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/10/11 01:33:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/10/11 01:31:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/10/11 01:29:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/10/11 01:26:40 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2003/10/11 01:24:47 | 000,030,203 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/10/11 01:24:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/10/11 01:23:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/10/11 01:18:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/11 01:07:37 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/11 00:30:11 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2003/10/11 00:30:06 | 000,018,403 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2003/10/11 00:30:06 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2003/10/11 00:12:25 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2003/10/11 00:12:25 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2003/10/10 23:47:15 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2003/10/10 23:47:15 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2003/10/10 23:39:27 | 000,014,676 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
[2003/10/10 23:39:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
[2003/10/10 23:25:30 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2003/10/10 23:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/10/10 23:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/10/10 23:09:18 | 000,028,768 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2003/10/10 23:09:18 | 000,024,670 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2003/10/10 23:05:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/10 22:56:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/10/10 22:56:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/10/10 22:56:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/10/10 22:35:14 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/10 22:33:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/10/10 22:30:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/10/10 22:22:28 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/10/10 22:22:15 | 000,445,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/10/10 22:22:15 | 000,073,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/10/10 15:26:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/10 15:25:42 | 000,226,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/09/23 04:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/02/27 17:50:00 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll

========== LOP Check ==========

[2006/07/10 02:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2007/05/29 00:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2009/03/01 03:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2007/11/01 22:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/11/01 22:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007/11/01 22:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/12/22 20:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/01 21:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/07/11 20:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/29 04:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/23 18:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/03/01 23:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2005/09/05 19:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atari
[2011/06/01 17:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2011/06/08 22:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2003/10/14 01:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2005/01/20 01:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2009/06/01 21:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2004/03/15 10:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/03/16 15:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lionhead Studios
[2006/07/09 07:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MayaWebBrowser
[2010/09/14 00:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2010/08/08 22:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oberon Media
[2008/06/10 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2006/07/19 11:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2003/10/11 01:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2005/01/20 01:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2010/12/22 20:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smith Micro
[2006/07/19 11:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2010/02/23 18:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
[2007/10/03 17:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2006/01/05 11:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP287FACF
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:322EAACD
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

< End of report >

 

[Broni]

OK, I can't see your IP settings, so...

Please download MiniToolBox and run it.

Checkmark following boxes:

• Report IE Proxy Settings
• Report FF Proxy Settings
• List content of Hosts
• List IP configuration

Click Go and post the result.

 

[LordMagoo]

MiniToolBox by Farbar
Ran by Owner (administrator) on 11-07-2011 at 22:44:06
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================

========================= FF Proxy Settings: ==============================

"network.proxy.ftp", ":0"
"network.proxy.gopher", ":0"
"network.proxy.http", ":0"
"network.proxy.no_proxies_on", "localhost"
"network.proxy.share_proxy_settings", true
"network.proxy.socks", ":0"
"network.proxy.ssl", ":0"

========================= End of FF Proxy Settings ========================
=============== Hosts content: ============================================

127.0.0.1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "{4B220660-E01E-4840-80B1-78B3866C6C11}"

set address name="{4B220660-E01E-4840-80B1-78B3866C6C11}" source=dhcp
set dns name="{4B220660-E01E-4840-80B1-78B3866C6C11}" source=dhcp register=PRIMARY
set wins name="{4B220660-E01E-4840-80B1-78B3866C6C11}" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Magus

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter {4B220660-E01E-4840-80B1-78B3866C6C11}:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Wireless N-300 USB Adapter WNA3100 - Packet Scheduler Miniport

Physical Address. . . . . . . . . : C4-3D-C7-CB-ED-ED

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 213.109.68.247

213.109.73.249

Lease Obtained. . . . . . . . . . : Monday, July 11, 2011 10:17:41 PM

Lease Expires . . . . . . . . . . : Tuesday, July 12, 2011 10:17:41 PM

Server: UnKnown
Address: 213.109.68.247

Name: google.com
Addresses: 74.125.115.99, 74.125.115.104, 74.125.115.147, 74.125.115.105
74.125.115.106, 74.125.115.103



Pinging google.com [74.125.91.99] with 32 bytes of data:



Reply from 74.125.91.99: bytes=32 time=50ms TTL=51

Reply from 74.125.91.99: bytes=32 time=52ms TTL=51



Ping statistics for 74.125.91.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 50ms, Maximum = 52ms, Average = 51ms

Server: UnKnown
Address: 213.109.68.247

Name: yahoo.com
Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70
67.195.160.76



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=88ms TTL=53

Reply from 72.30.2.43: bytes=32 time=87ms TTL=52



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 87ms, Maximum = 88ms, Average = 87ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...c4 3d c7 cb ed ed ...... Wireless N-300 USB Adapter WNA3100 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.3 192.168.1.3 20
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 25
192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 25
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 25
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

 

[Broni]

That bad entry still exist:
DNS Servers . . . . . . . . . . . : 213.109.68.247

Re-run MiniToolbox.

Checkmark following boxes:

• Flush DNS
• Reset FF Proxy Settings

Click Go and post the result.

Restart computer.

Re-run MiniToolbox.

Checkmark following boxes:

• Report IE Proxy Settings
• Report FF Proxy Settings
• List content of Hosts
• List IP configuration

Click Go and post the result.

 

[LordMagoo]

MiniToolBox by Farbar
Ran by Owner (administrator) on 11-07-2011 at 22:59:47
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


================= Flush DNS: ==============================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


================= End of Flush DNS ========================================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.



Report 2:
MiniToolBox by Farbar
Ran by Owner (administrator) on 11-07-2011 at 23:10:09
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================

========================= FF Proxy Settings: ==============================


========================= End of FF Proxy Settings ========================

================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "{4B220660-E01E-4840-80B1-78B3866C6C11}"

set address name="{4B220660-E01E-4840-80B1-78B3866C6C11}" source=dhcp
set dns name="{4B220660-E01E-4840-80B1-78B3866C6C11}" source=dhcp register=PRIMARY
set wins name="{4B220660-E01E-4840-80B1-78B3866C6C11}" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Magus

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter {4B220660-E01E-4840-80B1-78B3866C6C11}:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Wireless N-300 USB Adapter WNA3100 - Packet Scheduler Miniport

Physical Address. . . . . . . . . : C4-3D-C7-CB-ED-ED

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 213.109.68.247

213.109.73.249

Lease Obtained. . . . . . . . . . : Monday, July 11, 2011 11:03:41 PM

Lease Expires . . . . . . . . . . : Tuesday, July 12, 2011 11:03:41 PM

Server: UnKnown
Address: 213.109.68.247

Name: google.com
Addresses: 74.125.115.99, 74.125.115.147, 74.125.115.105, 74.125.115.103
74.125.115.106, 74.125.115.104



Pinging google.com [74.125.115.147] with 32 bytes of data:



Reply from 74.125.115.147: bytes=32 time=56ms TTL=51

Reply from 74.125.115.147: bytes=32 time=59ms TTL=51



Ping statistics for 74.125.115.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 56ms, Maximum = 59ms, Average = 57ms

Server: UnKnown
Address: 213.109.68.247

Name: yahoo.com
Addresses: 209.191.122.70, 69.147.125.65, 98.137.149.56, 72.30.2.43
67.195.160.76



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=85ms TTL=52

Reply from 72.30.2.43: bytes=32 time=89ms TTL=53



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 85ms, Maximum = 89ms, Average = 87ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...c4 3d c7 cb ed ed ...... Wireless N-300 USB Adapter WNA3100 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.3 192.168.1.3 20
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 25
192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 25
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 25
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

 

[Broni]

It's still there.

Repeat steps from my reply #23, but after turning the computer off reset your router one more time.