Removal of Win32/Alureon [Solved]



#1 jcm5594 (Member, 11 posts)
Recently I started up my Laptop and received numerous errors. The first was headed "jusched.exe - Entry Point not found." When I close the window, JavaScript stops working. When I try to access Firefox or IE, I get a message that says firefox.exe (or ie.exe) - Bad image. The description says that a certain .dll file is not designed to run with Windows or contains an error. Also, my CPU usage meter is reading at least 40% more than usual. When I tried to run a scan with Norton AntiVirus it froze both times I tried. I downloaded AVG Free antivirus and did a scan in Safe Mode.

It came up with a virus called Win32/Alureon. I looked online and saw that it was difficult to remove and damages system files.

I'd like to know how to go about removing the virus and what extra steps, if any, I should take.



#2 Transience (Unofficial Music Guru; Retired Staff, 2,448 posts)
Hello and welcome to Geeks to Go! I'm Dave and I'll be helping you out. Let's get started:

Please go to the GMER Rootkit Scanner Download Site.
  • Click on the Download EXE button.
  • The file you are downloading will have a random name in order to circumvent the attempts of malware to block it from running.
  • Take note of the name of the file (please don't change it), and then save it directly to your desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click on the file you downloaded (Vista users please right-click it and select Run as Administrator). The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure that the "Show all" box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity, don't worry.
  • Click Ok.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it to a location where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Then:

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Download and save ComboFix.exe to your desktop from any of the download links provided in the above guide.

Once you have downloaded the file, return to the above link and continue with the instructions provided there for running ComboFix. Be sure that you read ALL of the instructions on that page very carefully and follow them exactly. It is particularly important to disable all your protection programs before running ComboFix. If you need further help figuring out how to disable a specific program look here. Installing the recovery console if you're running an XP machine is another critical step. By following the directions in that guide closely, you give ComboFix the best chance at a successful run and minimize the likelihood of having potentially serious problems occur after an attempted removal of malware.

Once the program has finished running its log should pop up automatically, or if for some reason you lose it it can found at C:\ComboFix.txt. Please post the log's contents in your next reply.

Cheers,
Dave

#3 jcm5594 (Topic Starter; Member, 11 posts)
I ran into a problem.

A while after the start of the GMER scan, Windows told me that the .exe stopped working. I've tried 3 times with no change.

When GMER starts, a service on the list is in red text (if that's important at all).

How should I proceed?

#4 jcm5594 (Topic Starter; Member, 11 posts)
**UPDATE**

I ran GMER with devices unchecked (that's where it would freeze). Here's the log:

GMER 1.0.15.15077 [test.exe.exe] - http://www.gmer.net
Rootkit scan 2009-08-22 21:35:02
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT 8A5FF048 ZwAlertResumeThread
SSDT 8A5FA048 ZwAlertThread
SSDT 91DFE330 ZwAllocateVirtualMemory
SSDT 89D84A18 ZwAlpcConnectPort
SSDT 91BF4648 ZwAssignProcessToJobObject
SSDT 91F8C308 ZwCreateMutant
SSDT 91FA37A0 ZwCreateSymbolicLinkObject
SSDT 91BBE360 ZwCreateThread
SSDT 91BDCCC0 ZwDebugActiveProcess
SSDT 91DFE548 ZwDuplicateObject
SSDT 91DFFB30 ZwFreeVirtualMemory
SSDT 91BC0048 ZwImpersonateAnonymousToken
SSDT 9199F048 ZwImpersonateThread
SSDT 89D849A0 ZwLoadDriver
SSDT 91F84008 ZwMapViewOfSection
SSDT 91BBC048 ZwOpenEvent
SSDT 91DFE7E8 ZwOpenProcess
SSDT 89F3F108 ZwOpenProcessToken
SSDT 91BDC048 ZwOpenSection
SSDT 91DFE698 ZwOpenThread
SSDT 91FA2A80 ZwProtectVirtualMemory
SSDT 89DF79E0 ZwResumeThread
SSDT 89FFB068 ZwSetContextThread
SSDT 91DFF790 ZwSetInformationProcess
SSDT 91BF2048 ZwSetSystemInformation
SSDT 91BBA048 ZwSuspendProcess
SSDT 8A3FCF08 ZwSuspendThread
SSDT 8A14EDE0 ZwTerminateProcess
SSDT 8A3FD048 ZwTerminateThread
SSDT 89F53108 ZwUnmapViewOfSection
SSDT 91DFFF00 ZwWriteVirtualMemory
SSDT 91FA3E30 ZwCreateThreadEx

Code 89D89140 ZwEnumerateKey
Code 89D89108 ZwFlushInstructionCache
Code 89D3C00E ZwSaveKey
Code 89D3CCBE ZwSaveKeyEx
Code 89D40A6D IofCallDriver
Code 89DB1DE6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCompleteRequest 81A3DFE2 5 Bytes JMP 89DB1DEB
.text ntkrnlpa.exe!KeSetTimerEx + 350 81ABC914 8 Bytes [48, F0, 5F, 8A, 48, A0, 5F, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 364 81ABC928 4 Bytes [30, E3, DF, 91]
.text ntkrnlpa.exe!KeSetTimerEx + 370 81ABC934 4 Bytes [18, 4A, D8, 89]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 81ABC988 4 Bytes [48, 46, BF, 91]
.text ntkrnlpa.exe!KeSetTimerEx + 428 81ABC9EC 4 Bytes [08, C3, F8, 91] {OR BL, AL; CLC ; XCHG ECX, EAX}
.text ...
.text ntkrnlpa.exe!IofCallDriver 81ABFF6F 5 Bytes JMP 89D40A72
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 81BB630B 5 Bytes JMP 89D8910C
PAGE ntkrnlpa.exe!ZwEnumerateKey 81C0BBA2 5 Bytes JMP 89D89144
PAGE ntkrnlpa.exe!ZwSaveKey 81C59523 5 Bytes JMP 89D3C012
PAGE ntkrnlpa.exe!ZwSaveKeyEx 81C5962A 5 Bytes JMP 89D3CCC2

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73987BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [739C98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7398D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7397F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73987599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7397E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [739BB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7398D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7398012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73980095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [739771F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73A0D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [739A75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7397DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7397668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [739766BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73981E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\Windows\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\ESQULudjxdtctxipcnryhvmuckpmreidvmwdq.sys (*** hidden *** ) [SYSTEM] ESQULserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272111e79
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272111e79@00165304115d 0x48 0x33 0x7E 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@imagepath \systemroot\system32\drivers\ESQULudjxdtctxipcnryhvmuckpmreidvmwdq.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules@ESQULserv \\?\globalroot\systemroot\system32\drivers\ESQULudjxdtctxipcnryhvmuckpmreidvmwdq.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules@ESQULl \\?\globalroot\systemroot\system32\ESQULcdocxivvnfyiipotfcwneyqgqdaybxqn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules@ESQULclk \\?\globalroot\systemroot\system32\ESQULbogsnuenpwvejftvjoruiegtgqaabtyt.dll
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272111e79 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272111e79@00165304115d 0x48 0x33 0x7E 0x86 ...
Reg HKLM\SYSTEM\ControlSet003\Services\ESQULserv.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\ESQULserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\ESQULserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\ESQULserv.sys@imagepath \systemroot\system32\drivers\ESQULudjxdtctxipcnryhvmuckpmreidvmwdq.sys
Reg HKLM\SYSTEM\ControlSet003\Services\ESQULserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\ESQULserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\ESQULserv.sys\modules@ESQULserv \\?\globalroot\systemroot\system32\drivers\ESQULudjxdtctxipcnryhvmuckpmreidvmwdq.sys
Reg HKLM\SYSTEM\ControlSet003\Services\ESQULserv.sys\modules@ESQULl \\?\globalroot\systemroot\system32\ESQULcdocxivvnfyiipotfcwneyqgqdaybxqn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\ESQULserv.sys\modules@ESQULclk \\?\globalroot\systemroot\system32\ESQULbogsnuenpwvejftvjoruiegtgqaabtyt.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4500 series@ChangeID 1942384

---- EOF - GMER 1.0.15 ----
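A log like the one above is easier to read programmatically than by eye, because the interesting evidence is spread across sections that have to be correlated. The script below is an added example written for this page; it is not part of the original thread and not GMER's own code. It parses a GMER 1.0.15 log into its sections, records the SSDT entries, pairs the `Code` detour entries with the `JMP` inline hooks in the kernel code sections, decodes the byte patches GMER reports at `KeSetTimerEx + N` as little-endian dwords and matches them back to the SSDT entries (in the posted log `[48, F0, 5F, 8A]` is 0x8A5FF048, the same address as the ZwAlertResumeThread SSDT entry, so those lines are the service table slots themselves rather than a second set of patches), and collects the hidden services together with the file paths stored under their registry keys, in the active and the inactive control set. The embedded sample is a constructed excerpt of the posted log; the section names and line formats it relies on are those of GMER 1.0.15 as seen here, and the `%SystemRoot%` path mapping is this example's own convention. The script only reports, which is consistent with the caution in the instructions above: SSDT hooks by themselves are weak evidence, since security products (this laptop has both Norton and AVG installed) hook many of the same Zw* entries for self-protection, and ALG is a legitimate Windows service. The inline JMPs in IofCallDriver/IofCompleteRequest, the hidden `ESQULserv.sys` service and the randomly named `ESQUL*` files are what actually point at the Alureon driver.

```python
import re

# Constructed excerpt of the GMER 1.0.15 log posted above (not the full log): a few lines
# from each section the parser handles. Real logs run to several hundred lines.
SAMPLE_LOG = r"""GMER 1.0.15.15077 [test.exe.exe] - http://www.gmer.net
Rootkit scan 2009-08-22 21:35:02
---- System - GMER 1.0.15 ----
SSDT 8A5FF048 ZwAlertResumeThread
SSDT 91DFE330 ZwAllocateVirtualMemory
Code 89D89140 ZwEnumerateKey
Code 89D40A6D IofCallDriver
Code 89DB1DE6 IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCompleteRequest 81A3DFE2 5 Bytes JMP 89DB1DEB
.text ntkrnlpa.exe!KeSetTimerEx + 350 81ABC914 8 Bytes [48, F0, 5F, 8A, 48, A0, 5F, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 364 81ABC928 4 Bytes [30, E3, DF, 91]
.text ntkrnlpa.exe!IofCallDriver 81ABFF6F 5 Bytes JMP 89D40A72
PAGE ntkrnlpa.exe!ZwEnumerateKey 81C0BBA2 5 Bytes JMP 89D89144
---- Services - GMER 1.0.15 ----
Service C:\Windows\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\ESQULudjxdtctxipcnryhvmuckpmreidvmwdq.sys (*** hidden *** ) [SYSTEM] ESQULserv.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@imagepath \systemroot\system32\drivers\ESQULudjxdtctxipcnryhvmuckpmreidvmwdq.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules@ESQULl \\?\globalroot\systemroot\system32\ESQULcdocxivvnfyiipotfcwneyqgqdaybxqn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\ESQULserv.sys\modules@ESQULclk \\?\globalroot\systemroot\system32\ESQULbogsnuenpwvejftvjoruiegtgqaabtyt.dll
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\S+)")
CODE_RE = re.compile(r"^Code\s+([0-9A-F]{8})\s+(\S+)")
# ".text ntkrnlpa.exe!IofCallDriver 81ABFF6F 5 Bytes JMP 89D40A72": a detour at a routine's entry
INLINE_RE = re.compile(r"^(?:\.text|PAGE)\s+(\S+?)!(\S+)\s+([0-9A-F]{8})\s+\d+ Bytes\s+JMP\s+([0-9A-F]{8})")
# ".text ntkrnlpa.exe!KeSetTimerEx + 350 81ABC914 8 Bytes [48, F0, 5F, 8A, ...]": raw bytes, no JMP
PATCH_RE = re.compile(r"^(?:\.text|PAGE)\s+(\S+?)!(\S+)\s+\+\s+([0-9A-F]+)\s+[0-9A-F]{8}\s+\d+ Bytes\s+\[([^\]]*)\]")
SERVICE_RE = re.compile(r"^Service\s+(.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[(\w+)\]\s+(\S+)")
REG_RE = re.compile(r"^Reg\s+(\S+?)@(\S+)\s+(.+)$")
SERVICE_KEY_RE = re.compile(r"\\Services\\([^\\]+)", re.IGNORECASE)


def _dwords(byte_dump):
    """Turn GMER's "48, F0, 5F, 8A, ..." byte dump into little-endian dwords, dropping a partial tail."""
    hexbytes = [b.strip() for b in byte_dump.split(",") if re.fullmatch(r"[0-9A-F]{2}", b.strip())]
    usable = len(hexbytes) - len(hexbytes) % 4
    return [int("".join(reversed(hexbytes[i:i + 4])), 16) for i in range(0, usable, 4)]


def _normalize_path(p):
    """Map GMER's kernel object paths (globalroot/systemroot prefixes) onto a %SystemRoot% path."""
    p = re.sub(r"^\\\\\?\\globalroot", "", p, flags=re.IGNORECASE)
    return re.sub(r"^\\systemroot", "%SystemRoot%", p, flags=re.IGNORECASE)


def parse_gmer(text):
    """Split a GMER log into sections and collect the entries that deserve a second look."""
    r = {"ssdt": {}, "code": {}, "inline": [], "table_patches": [], "hidden_services": [], "artifacts": set()}
    hidden, section = set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section == "System":
            if (m := SSDT_RE.match(line)):
                r["ssdt"][int(m.group(1), 16)] = m.group(2)        # hook address -> syscall name
            elif (m := CODE_RE.match(line)):
                r["code"][m.group(2)] = int(m.group(1), 16)        # detoured routine -> trampoline
        elif section == "Kernel code sections":
            if (m := INLINE_RE.match(line)):
                # A 5-byte JMP at a routine's entry that also has a "Code" entry is a confirmed detour.
                r["inline"].append({"function": m.group(2), "at": int(m.group(3), 16),
                                    "jmp": int(m.group(4), 16), "matches_code_entry": m.group(2) in r["code"]})
            elif (m := PATCH_RE.match(line)):
                # Bytes reported at "KeSetTimerEx + N" decode (little-endian) to the SSDT hook addresses
                # listed in the System section: they are the service table slots, not extra patches.
                for value in _dwords(m.group(4)):
                    r["table_patches"].append({"where": f"{m.group(2)}+{m.group(3)}", "value": value,
                                               "ssdt_function": r["ssdt"].get(value)})
        elif section == "Services":
            if (m := SERVICE_RE.match(line)):
                image, start, name = m.groups()
                hidden.add(name.lower())
                r["hidden_services"].append({"name": name, "image": image, "start": start,
                                             "flagged": "<-- ROOTKIT" in line})
        elif section == "Registry":
            # File paths (ImagePath and the "modules" values) under every hidden service's key, from the
            # active and the inactive control sets, so they can be hashed or preserved before cleanup.
            if (m := REG_RE.match(line)):
                key, value_name, data = m.groups()
                svc = SERVICE_KEY_RE.search(key)
                if svc and svc.group(1).lower() in hidden and (
                        value_name.lower() == "imagepath" or "\\modules" in key.lower()):
                    r["artifacts"].add(_normalize_path(data))
    return r


if __name__ == "__main__":
    report = parse_gmer(SAMPLE_LOG)
    for h in report["inline"]:
        print(f"inline JMP in {h['function']} at {h['at']:08X} -> {h['jmp']:08X}")
    for p in report["table_patches"]:
        print(f"{p['where']}: {p['value']:08X} is the SSDT slot for {p['ssdt_function']}")
    for s in report["hidden_services"]:
        print(f"hidden service {s['name']} [{s['start']}] {s['image']}")
    print("files to preserve before cleanup:", *sorted(report["artifacts"]), sep="\n  ")
```

Run it against a saved GMER.txt by replacing `SAMPLE_LOG` with the file's contents. The artifact list is the useful output for a removal like this one: those are the files to copy off or hash before ComboFix deletes them, and the driver path is the one to compare against the `ImagePath` value after cleanup to confirm the service is really gone.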

#5 Transience (Unofficial Music Guru; Retired Staff, 2,448 posts)
Glad you could get GMER to run, go ahead with this please:

1. ComboFix

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Click on any of the links at that website to download ComboFix. At the window that appears, please change the name of the file from ComboFix.exe to svchost.exe. This name is important and must be exactly as I have given it to you here. Once you have changed the name, save the renamed file directly to your desktop.

Return to the above link and continue with the instructions provided there for running ComboFix. Be sure that you read ALL of the instructions on that page very carefully and follow them exactly. It is particularly important to disable all your protection programs before running ComboFix. If you need further help figuring out how to disable a specific program look here. Installing the recovery console if you're running an XP machine is another critical step. By following the directions in that guide closely, you give ComboFix the best chance at a successful run and minimize the likelihood of having potentially serious problems occur after an attempted removal of malware.

Once the program has finished running its log should pop up automatically, or if for some reason you lose it it can found at C:\ComboFix.txt. Please post the log's contents in your next reply.

Cheers,
Dave

#6 jcm5594 (Topic Starter; Member, 11 posts)
And here's the ComboFix log:


ComboFix 09-08-22.06 - Joey 08/22/2009 23:45.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3068.2163 [GMT -4:00]
Running from: c:\users\Joey\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1872411387-2874581034-978215163-500
c:\$recycle.bin\S-1-5-21-2131285163-59553975-990395356-500
C:\install.exe
c:\windows\Installer\1ca0c.msi
c:\windows\system32\drivers\ESQULudjxdtctxipcnryhvmuckpmreidvmwdq.sys
c:\windows\system32\ESQULbogsnuenpwvejftvjoruiegtgqaabtyt.dll
c:\windows\system32\ESQULcdocxivvnfyiipotfcwneyqgqdaybxqn.dll
c:\windows\system32\fltrkl11.dll
c:\windows\system32\TIControlPanel.cpl.manifest

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-23 00:09 . 2009-08-23 03:16 361130995 ----a-w- c:\windows\MEMORY.DMP
2009-08-22 21:20 . 2009-08-23 02:36 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-22 20:18 . 2009-08-22 20:18 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-22 20:18 . 2009-08-22 20:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-22 20:18 . 2009-08-22 20:18 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-22 20:18 . 2009-08-22 20:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-22 20:18 . 2009-08-22 20:18 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-22 20:18 . 2009-08-22 20:18 -------- d-----w- c:\program files\AVG
2009-08-22 16:14 . 2009-08-22 16:14 -------- d-----w- c:\windows\system32\atastem32
2009-08-22 15:25 . 2009-08-22 20:13 582662 ----a-w- c:\windows\ntbtlog.txt
2009-08-22 04:20 . 2009-08-23 03:16 4 ----a-w- c:\windows\system32\ESQULzxspectrum
2009-08-22 04:19 . 2009-08-22 04:19 84992 ----a-w- c:\windows\system32\msihost.exe
2009-08-20 21:03 . 2009-08-20 21:17 -------- d-----w- C:\divx
2009-08-20 20:58 . 2009-08-20 20:58 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-20 20:58 . 2009-08-20 20:58 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-17 18:19 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2009-08-16 05:15 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-16 05:15 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-16 05:15 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-16 05:15 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-16 05:15 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-16 05:15 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-16 05:15 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-16 05:15 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-13 01:29 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 01:28 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 01:28 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 01:28 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 01:28 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 01:28 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 01:28 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-08-13 01:28 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 01:28 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 01:28 . 2009-07-14 08:30 43520 ----a-w- c:\windows\system32\msdxm.tlb
2009-08-13 01:28 . 2009-07-14 08:30 18432 ----a-w- c:\windows\system32\amcompat.tlb
2009-08-11 17:01 . 2009-08-11 17:01 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-08-10 02:23 . 2009-08-10 02:23 -------- d-----w- c:\program files\Banana Security
2009-08-09 21:31 . 2009-08-09 21:31 -------- d-----r- c:\program files\Norton Support
2009-08-09 04:06 . 2009-08-10 00:30 -------- d-----w- c:\program files\KeyLemon
2009-08-01 23:00 . 2009-08-23 03:53 -------- d-----w- c:\users\Guest
2009-07-26 04:56 . 2007-08-13 18:51 446464 ----a-w- c:\windows\system32\wmvdmoe.dll
2009-07-26 04:55 . 2009-07-29 02:26 -------- d-----w- c:\program files\Active WebCam
2009-07-26 04:43 . 2009-07-26 04:45 52679 ----a-w- C:\Installer.log
2009-07-26 04:43 . 2009-07-26 04:45 0 ----a-w- C:\Debug.QC6
2009-07-26 04:43 . 2009-07-26 04:54 496784 ----a-w- C:\MSIInstall.log

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-01 02:47 . 2009-01-10 21:10 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-31 10:01 . 2008-08-31 10:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-01-31 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-17 1348904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-05 442467]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-07-15 814144]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-07-24 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-08-02 1144104]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-08-02 210216]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-07-24 468264]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-08-08 910128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-22 2007832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-05-03 00:36 197912 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7AE95197-FD7C-461B-904C-33A6C82A6E90}"= c:\program files\Hewlett-Packard\Media\DVD\TSMAgent.exe:HP TouchSmart Media Resident Program
"{D5349C96-0A5D-4849-8099-7195365128CE}"= c:\program files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe:HP MediaSmart DVD
"{94ECD51E-C698-494F-AC07-21113AA70E6E}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe:HP TouchSmart Music
"{B0B01B66-23DB-4FBC-93DA-6C5129BE5F43}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{60D07EB9-E49F-4F47-81C6-C9C883F42813}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe:HP TouchSmart Video
"{4E1F3826-EBC3-477D-9337-B546445641E6}"= c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe:HP TouchSmart Media Resident Program
"{453CBE74-8A5C-4FD6-B359-4A196AA340CB}"= c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{E2EB954D-B74C-4DD9-A49B-74F1DD724C68}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{234DC40D-F683-4E31-A256-551F19E75337}"= e:\setup\hpznui01.exe:hpznui01.exe
"{98036EC3-A3EE-4A4E-823F-9BF9EBD9CD3A}"= TCP:427|RPort=427|c:\windows\system32\svchost.exe|Svc=HPSLPSVC:SLP_Service
"{6F989582-8531-4B59-AC1B-393F18F14096}"= c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{63319568-FCB2-43D6-B4BC-BD3C3749FCF9}"= c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{EB0862B8-8396-40E0-9B8E-959E33A63783}"= c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{FA0FE2A0-A615-468F-8DF8-26B4101B15AD}"= c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{2C17EC33-E3F7-4F39-95BA-373B624671EA}"= c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{AFCA9952-22E9-48BE-B667-B853DCED3A3D}"= c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{851BC13D-A27C-4CD5-8529-9DC937CF29B3}"= c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{15048683-FDDD-42D8-854C-CBF72E729FC9}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{67F72E9A-027A-4274-AF2B-DA34D6F6FC5F}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{08B4C1CE-AF6D-4EA3-9BFE-2732C9FE0CE0}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{DE8DE435-CDA6-4BBB-A2C3-AB0D96A15732}"= c:\program files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
"{AB3FB837-E9A6-41C5-A4AA-0C7A813EDA53}"= c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe
"{631209CD-C81C-4B4C-B0A0-C62BA2BD685F}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{80E0CA92-857D-4F8E-A58E-9E1E7F52F67E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9D375992-EE48-4945-9DFC-43AFD1F64328}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{25F38362-C751-4F3D-B787-7D95C2A41E56}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{B0C37EE2-238E-418C-AD2C-EB48B2B8DC01}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{B2E4B395-CEE9-4E85-B6D5-BA54AC10D0D4}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{2768BC41-34C0-4523-A4E0-A7C994BBB265}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4F56893E-D0A6-4682-88B6-4709A9C877CD}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{4AD22602-FFC0-42D7-8DC2-133676552FD4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E2F37E4A-D5BF-4E1B-9B9E-BDA363D6CE0D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A5C12913-8C15-4542-876A-F604281CD0AC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AC682CFB-2DC9-4076-B4CD-0216245F911E}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{D2C7FFCF-FDEA-492C-A600-9B112CC07C64}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{2C676154-F051-4BAB-98F5-93C7C7EE224E}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{E02437DF-5443-44CC-87A2-EA1ED0A4CF69}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{1E26EA70-7503-4705-B702-265D623F2BE1}"= UDP:c:\program files\Combat Arms\NMService.exe:Nexon Messenger Core
"{58FBBCA9-EB5F-408E-ABBC-7410D90BF3A3}"= TCP:c:\program files\Combat Arms\NMService.exe:Nexon Messenger Core
"{BA04D957-C4A5-46A2-87EB-1A1588C32E2C}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A0B534E2-A257-4D10-94A7-0105560D8760}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{41D9801F-0A84-4B66-8C0C-FBEA4F241AA6}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{0C86AE7D-48F8-4408-9A4C-B9AEC8C3363E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EBF0D473-20AB-42B8-8166-CE86438B1920}"= UDP:c:\users\Joey\Downloads\LimeWire\LimeWire.exe:LimeWire
"{7FC19854-8283-4182-909E-AFF6A442D8DB}"= TCP:c:\users\Joey\Downloads\LimeWire\LimeWire.exe:LimeWire
"{0295F191-00AB-47E9-82D1-5A6088C6CBEE}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{A0995439-99EA-4EFB-B045-89308A1FC99B}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R?2 Windows MSI;Windows MSI;\\?\c:\windows\system32\msihost.exe [8/22/2009 12:19 AM 84992]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [5/23/2009 10:43 PM 310320]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [8/22/2009 4:18 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [8/22/2009 4:18 PM 108552]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [5/23/2009 10:43 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [5/23/2009 10:43 PM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys [8/11/2009 10:26 PM 293424]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [7/24/2008 12:55 AM 59376]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a33c8195\AEstSrv.exe [1/4/2009 5:39 AM 77824]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/22/2009 4:18 PM 297752]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [3/18/2008 8:24 PM 24880]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [5/23/2009 10:43 PM 115560]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [8/31/2008 9:34 AM 361808]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [11/14/2008 3:11 AM 17184]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [5/26/2008 9:43 AM 599344]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [8/31/2008 6:11 AM 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [4/28/2008 6:54 AM 54784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/22/2009 7:15 PM 101936]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [7/7/2008 3:16 PM 96856]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 4:40 PM 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [6/26/2009 10:55 PM 66080]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [5/23/2009 10:43 PM 39984]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [5/26/2008 9:44 AM 40752]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\System32\drivers\fantom.sys [3/10/2006 3:55 PM 39424]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\System32\drivers\WSDPrint.sys [1/20/2008 10:23 PM 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\87eli2ez.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(5524)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\System32\srchadmin.dll
c:\windows\system32\btncopy.dll
c:\windows\System32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a33c8195\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe
c:\program files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\UltraMon\UltraMon.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\ehome\mcupdate.exe
.
**************************************************************************
.
Completion time: 2009-08-23 0:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 04:11

Pre-Run: 155,981,631,488 bytes free
Post-Run: 155,849,121,792 bytes free

360 --- E O F --- 2009-08-17 18:22

#7
Transience
    Unofficial Music Guru
  • Retired Staff
  • 2,448 posts
Hello

Quick heads-up before we continue:

I see you're using or have in the past used p2p software such as uTorrent and LimeWire. Although p2p programs are not usually malware in their own right, oftentimes malware is installed alongside them. Even if the program is clean, people often upload infected files to be shared using these programs, and it is very easy to end up compromising your PC. It's your decision whether or not you use p2p programs; you don't have to remove them to be deemed clean, and I'll still help you if you want to keep them. It's just important that you're aware of the risks. If you want to continue using p2p programs, that's fine with me; all I ask is that you not download anything with them until you're clean so we aren't taking steps backwards here. To remove p2p programs if you wish to do so, uninstall them from the Add/Remove Programs (it's Programs and Features in Vista) menu of your Control Panel.

A few leftovers to take care of:

1. Run a ComboFix script
  • Copy the entire contents of the code box below to Notepad (Start > Programs > Accessories > Notepad).
  • Click on File > Save and name the file CFScript.txt. This name is important and must not be changed.
  • Change the Save as Type to All Files.
  • Save it directly on your desktop.

    KillAll::
    
    File::
    c:\windows\system32\ESQULzxspectrum
    c:\windows\system32\msihost.exe
    
    DirLook::
    c:\windows\system32\atastem32
    
    Driver::
    Windows MSI
    
    SysRst::

Note: If you are not the topic starter, DO NOT download or run this script as it could cause irreversible damage to your computer.

Please note that the same procedure applies to running ComboFix this time as before - disable your protection programs beforehand, close all other programs, don't interrupt it for any reason etc.

Posted Image

Once the script is saved, referring to the picture above, drag CFScript.txt into ComboFix.exe. This will cause ComboFix to start again. Allow it to complete running, following any prompts. Once the program has completed, the log should appear automatically; if it doesn't, it can be found at C:\ComboFix.txt. Please post the contents of that log in your next reply.

Cheers,
Dave
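Dave's script above removes the "Windows MSI" service and its msihost.exe, both of which stand out in the ComboFix log (a type code of R?2 and a \\?\ path prefix that no other service entry uses). As an added example, not code from this thread, from ComboFix or from OTL, here is a small Python triage helper that parses service lines in that log's layout and ranks entries by those simple indicators plus a "modified shortly before the scan" check; the sample lines and the scan time are copied from the log above.

```python
"""Triage helper for the services section of a ComboFix log.

Added example for this thread; it is not code from the thread, from ComboFix
or from OTL. Assumes the line layout seen in the log above:
    <code> <name>;<display name>;<path> [<m/d/yyyy h:mm AM/PM> <size>]
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample: six lines copied in shape from the ComboFix log above.
SAMPLE_SERVICES = r"""
R?2 Windows MSI;Windows MSI;\\?\c:\windows\system32\msihost.exe [8/22/2009 12:19 AM 84992]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [5/23/2009 10:43 PM 310320]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [8/22/2009 4:18 PM 335240]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [3/18/2008 8:24 PM 24880]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [7/7/2008 3:16 PM 96856]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\System32\drivers\fantom.sys [3/10/2006 3:55 PM 39424]
"""

# "Completion time: 2009-08-23 0:11" from the log above.
SCAN_TIME = datetime(2009, 8, 23, 0, 11)

SERVICE_RE = re.compile(
    r"^(?P<code>[RS]\S*)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+"
    r"\[(?P<stamp>[^\]]+)\]\s*$"
)
# R (running) or S (stopped) followed by a plain Windows start type 0..4.
STANDARD_CODE_RE = re.compile(r"^[RS][0-4]$")
EXTENDED_PREFIX = "\\\\?\\"  # the \\?\ prefix exactly as written in the log


@dataclass
class ServiceEntry:
    code: str
    name: str
    display: str
    path: str
    modified: datetime
    size: int
    findings: list = field(default_factory=list)


def parse_services(text: str) -> list:
    """Return one ServiceEntry per line that matches the ComboFix layout."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, registry sections
        stamp, size = m["stamp"].rsplit(" ", 1)
        entries.append(ServiceEntry(
            code=m["code"], name=m["name"], display=m["display"],
            path=m["path"],
            modified=datetime.strptime(stamp, "%m/%d/%Y %I:%M %p"),
            size=int(size)))
    return entries


def triage(entries: list, scan_time: datetime, recent_days: int = 7) -> list:
    """Attach plain-language findings to each entry; return those with any,
    most findings first. A lone "recent" hit is weak evidence on its own
    (the AVG drivers installed the day before match it too)."""
    prefixed = sum(e.path.startswith(EXTENDED_PREFIX) for e in entries)
    for e in entries:
        e.findings = []
        if not STANDARD_CODE_RE.match(e.code):
            e.findings.append(f"non-standard type/start code {e.code!r}")
        if e.path.startswith(EXTENDED_PREFIX):
            e.findings.append(
                f"path uses the \\\\?\\ prefix ({prefixed - 1} other entries do)")
        age = scan_time - e.modified
        if timedelta(0) <= age <= timedelta(days=recent_days):
            e.findings.append(
                f"binary modified {age.days} day(s) before the scan; "
                "compare with the user's recent installs")
    return sorted((e for e in entries if e.findings),
                  key=lambda e: len(e.findings), reverse=True)


if __name__ == "__main__":
    for e in triage(parse_services(SAMPLE_SERVICES), SCAN_TIME):
        print(f"{e.code:<4}{e.name:<12} {e.path}")
        for finding in e.findings:
            print(f"    - {finding}")
```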

#8
jcm5594
    Member
  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Another issue came up.

When I try to run the script, the ComboFix loading bar comes up and then I get a Windows message saying GSAR.CFEXE has stopped working. ComboFix seems to stop running after that.

#9
Transience
    Unofficial Music Guru
  • Retired Staff
  • 2,448 posts
Please delete your current copy of ComboFix as well as the folders C:\ComboFix and C:\Qoobox if they exist. Then download a fresh copy of ComboFix from the link in my first post, save it, and try running the script again.

Cheers,
Dave

#10
jcm5594
    Member
  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I tried what you said but the same problem keeps coming up...

#11
Transience
    Unofficial Music Guru
  • Retired Staff
  • 2,448 posts
Alright, let's try a different angle:

1. OTL Fixes
  • Please download OTL to your desktop.
  • Please double click on OTL to run it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the complete contents of the code box below:

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Services
    Windows MSI
    
    :Reg
    
    :Files
    c:\windows\system32\ESQULzxspectrum
    c:\windows\system32\msihost.exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot when it is done if your computer does not do so automatically.
  • Once you've rebooted, please run a scan with OTL and post back the fresh log.
Cheers,
Dave

#12
jcm5594
    Member
  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here you go:

OTL logfile created on: 8/23/2009 10:19:18 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Joey\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 90.52% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.29 Gb Total Space | 144.94 Gb Free Space | 50.10% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 1.63 Gb Free Space | 18.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 600.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOEY-PC
Current User Name: Joey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/07/25 09:28:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/08/05 13:12:16 | 00,225,369 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a33c8195\STacSV.exe
PRC - [2008/08/07 15:37:24 | 00,024,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\Hpservice.exe
PRC - [2007/09/23 12:31:24 | 00,221,184 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
PRC - [2007/09/12 18:58:26 | 00,099,752 | ---- | M] () -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
PRC - [2008/05/26 09:43:58 | 00,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008/07/14 23:15:10 | 00,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2008/06/27 11:53:08 | 00,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a33c8195\aestsrv.exe
PRC - [2009/08/22 16:18:09 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/15 21:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/02/26 18:13:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/05/23 22:43:17 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2009/04/21 15:26:32 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/08/22 16:18:14 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/22 16:18:14 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/07/23 22:35:42 | 00,292,216 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/07/23 22:35:42 | 00,116,080 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/08/06 20:37:22 | 00,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/04/29 07:22:36 | 00,241,734 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe
PRC - [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/05/23 22:43:17 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2008/01/20 22:23:41 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe
PRC - [2008/07/16 23:02:46 | 01,348,904 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/08/05 13:10:48 | 00,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/04/15 21:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/07/14 23:15:10 | 00,814,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2008/08/01 19:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/07/24 00:55:46 | 01,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/08/02 04:13:34 | 01,144,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/08/02 04:13:44 | 00,210,216 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/07/23 22:35:12 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/08/07 21:19:10 | 00,910,128 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/01/12 01:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/06/16 11:03:20 | 00,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008/03/25 22:27:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/04/15 17:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/12 12:41:06 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/01/21 14:19:54 | 00,092,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/01/20 22:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/03/02 22:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/02/26 18:08:32 | 02,289,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/01/20 22:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/20 22:23:29 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2007/07/16 11:04:40 | 00,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/03/25 21:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/01/20 22:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/20 22:23:29 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/07/16 23:02:54 | 00,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2007/09/26 10:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/04/11 12:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/03/25 21:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2008/03/25 21:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/26 03:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/06/16 11:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
PRC - [2009/08/23 22:03:46 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/06/27 11:53:08 | 00,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a33c8195\aestsrv.exe -- (AESTFilters [Auto | Running])
SRV - [2008/07/27 14:03:11 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/22 16:18:09 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
SRV - [2008/07/14 23:15:10 | 00,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost [Auto | Running])
SRV - [2008/01/20 22:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/20 22:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/02/18 00:21:12 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
SRV - [2008/06/16 11:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/03/25 21:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008/03/25 22:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2008/03/25 22:25:50 | 00,630,784 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC [Auto | Running])
SRV - [2008/08/07 15:37:24 | 00,024,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\Hpservice.exe -- (hpsrv [Auto | Running])
SRV - [2008/04/15 21:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/02/26 18:13:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/02/28 12:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/05/23 22:43:17 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
SRV - [2008/07/25 09:28:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/02/28 12:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2009/04/21 15:26:32 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2008/07/23 22:35:42 | 00,292,216 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (QPCapSvc [Auto | Running])
SRV - [2008/07/23 22:35:42 | 00,116,080 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (QPSched [Auto | Running])
SRV - [2008/08/06 20:37:22 | 00,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2008/04/29 07:22:36 | 00,241,734 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008/08/05 13:12:16 | 00,225,369 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a33c8195\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2008/05/26 09:43:58 | 00,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService [Auto | Running])
SRV - [2008/01/20 22:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2007/09/23 12:31:24 | 00,221,184 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe -- (WindowBlinds [Auto | Running])
SRV - [2008/01/20 22:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/12/12 12:41:18 | 05,117,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/12/12 12:41:08 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/08/07 15:31:52 | 00,034,608 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV - [2008/01/20 22:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Boot | Running])
DRV - [2008/01/20 22:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Boot | Running])
DRV - [2008/01/20 22:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Boot | Running])
DRV - [2008/01/20 22:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Boot | Running])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Boot | Running])
DRV - [2008/01/20 22:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Boot | Running])
DRV - [2008/01/20 22:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Boot | Running])
DRV - [2008/01/20 22:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Boot | Running])
DRV - [2009/08/22 16:18:29 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/22 16:18:28 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/08/22 16:18:29 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2009/05/23 22:43:19 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [On_Demand | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [On_Demand | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [On_Demand | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2007/07/15 20:20:22 | 00,079,400 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio [On_Demand | Stopped])
DRV - [2007/07/15 20:20:24 | 00,080,936 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt [On_Demand | Stopped])
DRV - [2007/07/15 20:20:26 | 00,016,168 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\DRIVERS\btwrchid.sys -- (btwrchid [On_Demand | Stopped])
DRV - [2009/05/23 22:43:19 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2008/01/20 22:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Boot | Running])
DRV - [2008/01/20 22:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2009/08/22 03:23:30 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2008/01/20 22:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Boot | Running])
DRV - [2008/04/28 06:54:58 | 00,054,784 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\Windows\System32\DRIVERS\enecir.sys -- (enecir [On_Demand | Running])
DRV - [2009/08/22 03:23:30 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2006/03/10 15:55:18 | 00,039,424 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\DRIVERS\fantom.sys -- (FANTOM [On_Demand | Stopped])
DRV - [2009/06/14 20:10:44 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2008/01/20 22:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Boot | Running])
DRV - [2008/08/07 15:42:12 | 00,025,392 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV - [2007/06/18 20:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV - [2008/04/15 21:53:44 | 00,312,344 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/01/20 22:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Boot | Running])
DRV - [2009/07/11 15:34:11 | 00,293,424 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090810.001\IDSvix86.sys -- (IDSVix86 [System | Running])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Boot | Running])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Boot | Running])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Boot | Running])
DRV - [2008/07/07 15:16:26 | 00,096,856 | ---- | M] (JMicron Technology Corporation) -- C:\Windows\System32\DRIVERS\jmcr.sys -- (JMCR [On_Demand | Running])
DRV - [2008/01/20 22:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Boot | Running])
DRV - [2008/01/20 22:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Boot | Running])
DRV - [2008/01/20 22:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Boot | Running])
DRV - [2008/07/13 22:10:44 | 00,101,120 | ---- | M] (MagicISO, Inc.) -- C:\Windows\System32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])
DRV - [2008/01/20 22:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Boot | Running])
DRV - [2008/01/20 22:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Boot | Running])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Boot | Running])
DRV - [2009/08/22 03:23:30 | 00,087,888 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090823.021\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/08/22 03:23:30 | 00,875,728 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090823.021\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2008/01/20 22:23:20 | 02,225,664 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw3v32.sys -- (NETw3v32 [On_Demand | Stopped])
DRV - [2008/11/17 16:40:22 | 03,668,480 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw5v32.sys -- (NETw5v32 [On_Demand | Running])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Boot | Running])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [On_Demand | Stopped])
DRV - [2009/06/26 22:55:12 | 00,066,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA [On_Demand | Running])
DRV - [2008/07/25 09:28:00 | 07,547,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2008/01/20 22:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
DRV - [2008/01/20 22:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot | Running])
DRV - [2008/01/20 22:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Boot | Running])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Boot | Running])
DRV - [2009/05/25 06:50:44 | 00,164,864 | ---- | M] (Realtek ) -- C:\Windows\System32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2007/08/06 20:15:07 | 00,033,052 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/20 22:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Boot | Running])
DRV - [2009/05/23 22:43:20 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\SRTSP.SYS -- (SRTSP [On_Demand | Stopped])
DRV - [2009/05/23 22:43:20 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2008/08/05 13:13:50 | 00,382,976 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DRIVERS\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2008/01/20 22:23:27 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Boot | Running])
DRV - [2009/05/23 22:43:20 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009/05/23 22:43:26 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/05/23 22:43:20 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/05/23 22:43:20 | 00,025,136 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\DRIVERS\SymIMv.sys -- (SymIM [System | Running])
DRV - [2009/05/23 22:43:20 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\SYMNDISV.SYS -- (SYMNDISV [On_Demand | Running])
DRV - [2009/05/23 22:43:20 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Boot | Running])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Boot | Running])
DRV - [2008/07/16 23:02:50 | 00,201,136 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2004/02/04 11:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB [On_Demand | Stopped])
DRV - [2008/01/20 22:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Boot | Running])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Boot | Running])
DRV - [2008/01/20 22:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Boot | Running])
DRV - [2008/11/14 03:11:30 | 00,017,184 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility [Auto | Running])
DRV - [2008/01/20 22:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2007/04/09 10:53:24 | 00,012,672 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2007/04/09 10:56:22 | 00,021,248 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2007/04/09 10:55:08 | 00,022,912 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2008/05/26 09:44:14 | 00,040,752 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x [On_Demand | Running])
DRV - [2008/01/20 22:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Boot | Running])
DRV - [2008/01/20 22:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Boot | Running])
DRV - [2008/01/20 22:23:26 | 00,031,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\WinUSB.sys -- (WinUSB [On_Demand | Stopped])
DRV - [2009/01/13 19:13:20 | 00,019,336 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
DRV - [2009/01/13 19:13:28 | 00,029,192 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
DRV - [2009/01/13 19:13:44 | 00,014,728 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
DRV - [2009/01/13 19:13:52 | 00,049,160 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])
DRV - [2008/01/20 22:23:21 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\WSDPrint.sys -- (WSDPrintDevice [On_Demand | Running])
DRV - [2006/11/02 03:30:56 | 00,194,048 | ---- | M] (Marvell) -- C:\Windows\System32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Stopped])
DRV - [2008/07/24 00:55:40 | 00,059,376 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {bbfec13c-8cb2-53f2-b852-999eb2a852c9}:0.1.4
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/31 08:27:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009/01/04 06:10:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/17 14:22:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/22 16:18:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/10 20:21:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/20 16:59:03 | 00,000,000 | ---D | M]

[2009/03/22 22:35:12 | 00,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\mozilla\Extensions
[2009/01/10 17:10:57 | 00,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/22 22:35:12 | 00,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/08/22 22:41:48 | 00,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\mozilla\Firefox\Profiles\87eli2ez.default\extensions
[2009/08/17 15:22:18 | 00,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\mozilla\Firefox\Profiles\87eli2ez.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/06 19:41:17 | 00,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\mozilla\Firefox\Profiles\87eli2ez.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2009/01/10 17:18:44 | 00,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\mozilla\Firefox\Profiles\87eli2ez.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/06/04 15:05:11 | 00,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\mozilla\Firefox\Profiles\87eli2ez.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/01/31 15:09:13 | 00,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\mozilla\Firefox\Profiles\87eli2ez.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2009/01/31 15:11:18 | 00,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\mozilla\Firefox\Profiles\87eli2ez.default\extensions\{bbfec13c-8cb2-53f2-b852-999eb2a852c9}
[2009/08/10 20:24:30 | 00,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\mozilla\Firefox\Profiles\87eli2ez.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/08/23 22:15:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/10 20:21:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/12 15:19:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/05 16:05:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/30 07:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 07:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/31 22:47:26 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 18:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/04/20 16:35:31 | 00,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll
[2009/07/30 07:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/03/02 21:39:49 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2009/06/12 21:55:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/12 21:55:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/12 21:55:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/12 21:55:18 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/12 21:55:18 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/12 21:55:18 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/12 21:55:18 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/09/10 14:49:12 | 06,583,016 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSibelius.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/10 20:21:47 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml
[2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (Stardock Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/31 06:23:25 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/08/01 11:44:27 | 00,000,225 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/09/16 15:51:12 | 00,999,424 | R--- | M] (Microsoft Corporation) - F:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/23 22:07:02 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/23 22:03:37 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe
[2009/08/23 20:15:52 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/08/23 20:11:26 | 03,182,166 | ---- | C] () -- C:\Users\Joey\Desktop\ComboFix.exe
[2009/08/23 12:19:08 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/23 00:14:58 | 02,878,880 | -H-- | C] () -- C:\Users\Joey\AppData\Local\IconCache.db
[2009/08/23 00:10:38 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/08/22 20:55:59 | 00,229,376 | ---- | C] () -- C:\Windows\PEV.exe
[2009/08/22 20:55:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/08/22 20:55:59 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/08/22 20:55:59 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/08/22 20:55:59 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/08/22 20:55:59 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/08/22 20:55:59 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/08/22 20:55:59 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/08/22 20:55:52 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/22 20:19:27 | 00,000,154 | ---- | C] () -- C:\Users\Joey\Desktop\New Internet Shortcut.url
[2009/08/22 20:09:07 | 36,113,0995 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/08/22 19:44:20 | 00,288,768 | ---- | C] () -- C:\Users\Joey\Desktop\test.exe.exe
[2009/08/22 18:25:36 | 32,182,84544 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/22 17:20:27 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/08/22 16:18:30 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/08/22 16:18:29 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/08/22 16:18:29 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/08/22 16:18:29 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/08/22 16:18:28 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/08/22 16:18:22 | 40,101,936 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/08/22 16:18:21 | 00,068,001 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/22 16:18:20 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/08/22 16:18:17 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/08/22 16:18:17 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/08/22 16:18:09 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/08/22 16:18:08 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/08/22 15:53:29 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\AVG8
[2009/08/22 12:14:53 | 00,000,000 | ---D | C] -- C:\Windows\System32\atastem32
[2009/08/20 22:45:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2009/08/20 17:32:16 | 04,202,998 | ---- | C] () -- C:\Users\Joey\Desktop\Celtic Ritual.mp3
[2009/08/20 17:03:25 | 00,000,000 | ---D | C] -- C:\divx
[2009/08/20 16:58:58 | 00,000,935 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009/08/20 16:58:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/08/20 16:58:37 | 00,000,971 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/08/20 16:58:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/08/17 18:16:40 | 00,012,179 | ---- | C] () -- C:\Users\Joey\Desktop\summer reading.docx
[2009/08/17 15:15:36 | 00,000,390 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{365492C2-BAF7-4EE5-8135-E0FE7714B073}.job
[2009/08/17 14:21:16 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/08/17 14:21:15 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/08/17 14:21:15 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/08/17 14:21:15 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/08/17 14:21:15 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/08/17 14:21:15 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/08/17 14:21:14 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/08/17 14:21:14 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/08/17 14:21:14 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/08/17 14:21:14 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/08/17 14:21:13 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/08/17 14:21:13 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/08/17 14:21:13 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/08/17 14:21:13 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/08/17 14:21:13 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/08/17 14:21:13 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/17 14:21:13 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/08/17 14:21:12 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/08/17 14:21:12 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/08/17 14:21:11 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/08/17 14:21:11 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/08/17 14:19:55 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/08/17 14:19:55 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/08/17 14:19:55 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/08/17 14:19:55 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/08/17 14:19:55 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/08/17 14:19:55 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/08/17 14:19:55 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/08/17 14:19:55 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/08/17 14:19:54 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/08/17 14:19:54 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/08/17 14:19:54 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/08/17 14:19:53 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/08/17 14:19:53 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/08/17 14:19:53 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/08/17 14:19:52 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/08/17 14:19:52 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/08/17 14:19:51 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/08/17 14:19:51 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/08/17 14:19:51 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/08/17 14:19:51 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/08/17 14:19:51 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/08/17 14:19:51 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/08/17 14:19:51 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/08/17 14:19:50 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/08/17 14:19:50 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/08/17 14:19:50 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/08/17 14:19:49 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/08/17 14:19:49 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/08/17 14:19:49 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/08/17 14:19:49 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/08/17 14:19:49 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/08/17 14:19:48 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/08/17 14:19:48 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/08/17 14:19:48 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/08/16 01:15:34 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/16 01:15:33 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/16 01:15:33 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/16 01:15:33 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/16 01:15:33 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/16 01:15:33 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/16 01:15:33 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/16 01:15:32 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/12 21:29:02 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/12 21:28:57 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/12 21:28:54 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/12 21:28:52 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/12 21:28:39 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/12 21:28:38 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/12 21:28:37 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/12 21:28:36 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/12 21:28:36 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/12 21:28:35 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/12 21:28:35 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/12 21:28:35 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/11 13:01:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2009/08/09 22:30:37 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\BananaLockScreen
[2009/08/09 22:23:53 | 00,000,000 | ---D | C] -- C:\Program Files\Banana Security
[2009/08/09 17:31:56 | 00,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2009/08/09 17:31:51 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\Symantec
[2009/08/09 00:06:04 | 00,000,000 | ---D | C] -- C:\Program Files\KeyLemon
[2009/08/08 23:45:06 | 00,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\KeyLemon
[2009/08/08 12:53:31 | 00,000,000 | ---D | C] -- C:\Users\Joey\Desktop\Sail
[2009/07/31 18:25:23 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/07/31 18:25:23 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/07/28 17:29:07 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/07/26 01:24:15 | 00,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2009/07/26 00:56:07 | 00,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmvdmoe.dll
[2009/07/26 00:56:01 | 00,000,000 | ---D | C] -- C:\ProgramData\PY_Software
[2009/07/26 00:55:56 | 00,000,000 | ---D | C] -- C:\Program Files\Active WebCam
[2009/07/26 00:43:16 | 00,000,000 | ---- | C] () -- C:\Debug.QC6
[2009/05/29 17:30:19 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/05/02 20:47:35 | 00,000,000 | ---- | C] () -- C:\Windows\WB.ini
[2009/05/01 23:57:39 | 00,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2009/04/20 22:22:18 | 00,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/04/20 21:12:03 | 00,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/04/08 21:57:53 | 00,000,038 | ---- | C] () -- C:\Windows\wwwbatch.ini
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/26 19:38:24 | 00,000,197 | ---- | C] () -- C:\Windows\sc.INI
[2009/01/10 18:13:57 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/06 12:37:32 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/11/14 20:17:34 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007/07/12 16:41:36 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,254 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[2009/08/23 22:22:59 | 00,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{365492C2-BAF7-4EE5-8135-E0FE7714B073}.job
[2009/08/23 22:16:29 | 00,198,364 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/08/23 22:16:29 | 00,198,364 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/08/23 22:16:05 | 00,000,715 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2009/08/23 22:15:43 | 00,002,399 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2009/08/23 22:15:07 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/23 22:15:07 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/23 22:15:06 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/23 22:15:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/23 22:14:52 | 32,182,84544 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/23 22:13:40 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/08/23 22:03:46 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe
[2009/08/23 20:11:46 | 03,182,166 | ---- | M] () -- C:\Users\Joey\Desktop\ComboFix.exe
[2009/08/23 12:48:09 | 02,878,880 | -H-- | M] () -- C:\Users\Joey\AppData\Local\IconCache.db
[2009/08/23 12:19:08 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/08/23 12:17:32 | 40,101,936 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\Windows\PEV.exe
[2009/08/23 00:05:40 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/08/23 00:04:20 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/08/22 23:16:43 | 36,113,0995 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/08/22 22:07:14 | 00,751,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/22 22:07:14 | 00,636,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/22 22:07:14 | 00,118,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/22 20:19:32 | 00,000,154 | ---- | M] () -- C:\Users\Joey\Desktop\New Internet Shortcut.url
[2009/08/22 19:44:31 | 00,288,768 | ---- | M] () -- C:\Users\Joey\Desktop\test.exe.exe
[2009/08/22 17:43:29 | 00,016,896 | ---- | M] () -- C:\Users\Joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/22 16:18:30 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/08/22 16:18:29 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/08/22 16:18:29 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/08/22 16:18:29 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/08/22 16:18:28 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/08/22 16:18:21 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/08/22 16:18:21 | 00,068,001 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/22 16:18:20 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/08/20 17:32:26 | 04,202,998 | ---- | M] () -- C:\Users\Joey\Desktop\Celtic Ritual.mp3
[2009/08/20 16:58:58 | 00,000,935 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009/08/20 16:58:37 | 00,000,971 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/08/20 14:42:43 | 00,002,627 | ---- | M] () -- C:\Users\Joey\Desktop\Microsoft Office Word 2007.lnk
[2009/08/19 19:41:13 | 00,001,838 | ---- | M] () -- C:\Users\Joey\Desktop\Windows Media Player.lnk
[2009/08/19 19:34:51 | 00,001,748 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2009/08/18 12:50:56 | 00,002,633 | ---- | M] () -- C:\Users\Joey\Desktop\Microsoft Office Outlook 2007.lnk
[2009/08/17 22:04:07 | 00,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk
[2009/08/17 18:16:41 | 00,012,179 | ---- | M] () -- C:\Users\Joey\Desktop\summer reading.docx
[2009/08/16 00:42:24 | 01,634,820 | ---- | M] () -- C:\Users\Joey\Desktop\Rondo.mp3
[2009/08/10 20:21:45 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/07/31 18:25:23 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/07/31 18:25:23 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/30 16:31:52 | 00,007,592 | ---- | M] () -- C:\Users\Joey\AppData\Local\d3d9caps.dat
[2009/07/29 20:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/28 19:51:43 | 00,001,826 | ---- | M] () -- C:\Users\Joey\Desktop\WC3FT.lnk
[2009/07/26 00:45:01 | 00,000,000 | ---- | M] () -- C:\Debug.QC6
< End of report >

#13
Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Alright, looking better. Let's run some final checks:

First we'll clean out your unnecessary temp files to speed up the scans:

1. TFC
  • Please download TFC to your desktop.
  • Save any work, then close all open windows.
  • Double-click TFC to run it, and allow the process to complete, which should not take more than a couple of minutes.
  • You may or may not be prompted to reboot; if you are, click "Yes" and allow the computer to reboot.
  • Close TFC when it has completed.
2. Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from here.

Double-click (Vista users, please right-click and select Run as Administrator) on mbam-setup.exe to install the program.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware at the end of setup, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
  • The scan is different from the quick scan and will take a fairly long time to finish (you can leave it to run and go do something else); please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab.
  • Copy & Paste the entire report in your next reply.
3. Kaspersky Online Scan

Kaspersky online scanner uses Java technology to perform the scan. Because your Java is out of date, we need to update it first so that the scan will run without issues.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts. A log will appear (JavaRa.log); DO NOT post this log, I have no need for it.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Scan
  • Follow this link to the Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
So post back with the logs from MBAM and Kaspersky when you have them and give me an update on how the PC is running, and we should have you on your way :).

- Dave

#14
jcm5594

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Malwarebytes' Anti-Malware 1.40
Database version: 2691
Windows 6.0.6001 Service Pack 1

8/24/2009 8:36:06 PM
mbam-log-2009-08-24 (20-36-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 352136
Time elapsed: 2 hour(s), 33 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15
jcm5594

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, August 25, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, August 25, 2009 03:07:27
Records in database: 2685293
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
H:\
Z:\

Scan statistics:
Objects scanned: 240488
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 05:48:33

No threats found. Scanned area is clean.

Selected area has been scanned.