Google redirect



#16
swa737pilot

    Member

  • Topic Starter
  • Member
  • 23 posts
Here is the Extra OTListIt log:

OTListIt Extras logfile created on: 3/10/2009 6:22:16 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\user.YOUR-4105E587B6\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.42 Mb Total Physical Memory | 324.54 Mb Available Physical Memory | 42.79% Memory free
1.06 Gb Paging File | 0.63 Gb Available in Paging File | 59.49% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 13.52 Gb Free Space | 36.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 62.09 Mb Total Space | 34.08 Mb Free Space | 54.89% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4105E587B6
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 60 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
C:\Program Files\Common Files\AOL\1138836900\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1138836900\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\Common Files\AOL\1139018904\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1139018904\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\WBid\WBid.exe:*:Enabled:WBID (FigWare, Inc.)
C:\Program Files\Common Files\AOL\1142219770\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1142219770\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\Common Files\AOL\1142296925\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1142296925\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\Common Files\AOL\1146259002\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1146259002\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax (Intuit, Inc.)
C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager (Intuit, Inc.)
C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe (GRISOFT, s.r.o.)
C:\Program Files\Rosetta Stone\RS2.1.5.1Asms\Discover.exe:*:Enabled:Rosetta Stone SMS Discovery Tool (Fairfield Language Technologies)
C:\Program Files\Rosetta Stone\RS2.1.5.1Asms\Rosetta Stone.exe:*:Enabled:Rosetta Stone Application File not found
C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax (Intuit, Inc.)
C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager (Intuit, Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe ()
C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe (Hewlett-Packard)
C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service (Pure Networks, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06ECCCF4-9295-468E-851C-9529A7C181E8}" = HP User Guides 0001
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0F1649F6-F84B-41B2-980B-D2371BA389B3}" = Network Magic
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{183135A3-2CE8-43B5-BA5A-757EBAECB413}" = Disney Pix Micro Downloader
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2816F7DF-B377-4E3C-B201-9E2A037078EF}" = 3D Home Architect Home Design SE 6
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A203EE3-CF45-4B78-8186-7EAF1E83B109}" = VICTORia Trim and Tone
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3D0E8F20-748C-4dac-9A5F-9CAC86F0E848}" = 1500
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51D43E6D-9B84-4b69-AA14-27113796A94D}" = 1500_Help
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{618F637A-5D4D-48F4-9679-D02F45BD4315}" = LS_HSI
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766E4715-B801-46B3-9D91-12288AB88428}" = DB CIF Cam
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9B076678-4FDB-4EFD-A962-E5DF53A08DC5}" = POI Loader
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A1C8D94A-4303-4489-B585-4B6E6CD408CB}" = OpenOffice.org 2.2
"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AEBEF8E1-11B9-4458-A619-14EEE48A5BB4}" = Pure Networks Platform
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B1A9CD45-A702-4E3B-91ED-8CD562869901}" = DWG TrueView 2008
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CD53B28C-6361-11D6-A055-00105A2A192A}" = WBid 3.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC8235CC-3D5A-4D32-94BE-E2F0A1749920}" = Disney Pix 2.0
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E249833F-0873-4222-88FA-9D827233A7F4}" = The Print Shop Photo Workshop
"{E6F6231A-4FA3-47fe-A0DB-B113160C8DD3}" = 1500Trb
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG7Uninstall" = AVG 7.5
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"CEP3 - Colour Options for The Sims 2_is1" = CEP3 - Color Enable Package 3
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C" = Soft Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"CUZ4_is1" = CAM UnZip 4.42
"DWG TrueView 2008" = DWG TrueView 2008
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"eTrust EZ Armor" = eTrust EZ Armor
"FreeZip" = FreeZip
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo & Imaging" = HP Image Zone 4.7
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"InstallShield_{2816F7DF-B377-4E3C-B201-9E2A037078EF}" = 3D Home Architect Home Design SE 6
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"InterActual Player" = InterActual Player
"LEGOLANDDeInstKey" = LEGOLAND
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matchbox Emergency Patrol" = Matchbox® Emergency Patrol™
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Miro" = Miro
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"Mozilla Sunbird (0.8)" = Mozilla Sunbird (0.8)
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"Picasa2" = Picasa 2
"RealPlayer 6.0" = RealPlayer
"RoadRunner" = RoadRunner
"Rosetta Stone 2.1.5.1Asms" = Rosetta Stone 2.1.5.1Asms
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"Silent Package Run-Time Sample" = EPSON Perf 3490 3590 Guide
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"UnRAR for Windows" = UnRAR for Windows
"Vehicle Voyages" = Vehicle Voyages
"Virtools3DLifePlayer" = Virtools 3D Life Player
"WBid" = WBid
"WBid 3.1" = WBid 3.1
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/4/2009 10:15:04 PM | Computer Name = YOUR-4105E587B6 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000109fb.

Error - 3/4/2009 10:54:17 PM | Computer Name = YOUR-4105E587B6 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x00037423.

Error - 3/5/2009 11:27:32 PM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.4.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2009 11:30:48 PM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.4.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2009 11:36:07 PM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.4.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:43:12 AM | Computer Name = YOUR-4105E587B6 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18372, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x00037423.

Error - 3/8/2009 10:55:12 AM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application ATF_Cleaner[1].exe, version 3.0.0.2, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 11:45:37 PM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/8/2009 11:45:37 PM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/9/2009 7:31:53 AM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application Spyware-Doctor-6.0.0.362j[1].tmp, version 51.49.0.0,
hang module hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/9/2009 8:17:01 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/9/2009 8:17:01 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/9/2009 8:17:01 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/9/2009 8:17:02 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/9/2009 8:17:02 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/9/2009 8:17:02 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/9/2009 8:17:02 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/9/2009 8:17:02 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/10/2009 6:01:32 PM | Computer Name = YOUR-4105E587B6 | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 3/10/2009 6:07:16 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >

Thanks again, Steve

#17
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, let's open AVZ again and run a script. This will also reset your Internet Explorer default settings:
  • Close all windows then double click on AVZ.exe
  • Click File then Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program
begin
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  RegKeyDel('HKLM','SOFTWARE\Microsoft\Code Store Database\Distribution Units\WMP10ctrl');
  RegKeyDel('HKLM','SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}');
  ExecuteRepair(2);
  ExecuteRepair(3);
  ExecuteRepair(4);
  ExecuteSysClean;
  RebootWindows(true);
end.
  • Note: When you run the script, your PC will be restarted
  • Restart your PC if it doesn't do it automatically, and post back with a fresh OTListIt log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download Security Check by screen317 from here or here and save it to your Desktop.
  • Unzip SecurityCheck.zip and a folder named Security Check should appear.
  • Open the Security Check folder and double-click Security Check.bat
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Also, let me know if you are still getting the redirects.

#18
swa737pilot

    Member

  • Topic Starter
  • Member
  • 23 posts
RatHat,

SecurityCheck.bat will not run on my computer. All of the icons on my desktop go blank for a second, then come back. No black window for security check. I have included the logs for OTListIt:

OTListIt logfile created on: 3/11/2009 8:32:12 AM - Run 5
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\user.YOUR-4105E587B6\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.42 Mb Total Physical Memory | 365.33 Mb Available Physical Memory | 48.17% Memory free
1.06 Gb Paging File | 0.70 Gb Available in Paging File | 65.59% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 13.45 Gb Free Space | 36.11% Space Free | Partition Type: NTFS
Drive D: | 60.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 62.09 Mb Total Space | 34.08 Mb Free Space | 54.89% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4105E587B6
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 60 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
PRC - C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG7\avgemc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Sony\SonicStage\SSAAD.exe ()
PRC - C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe (Qurb, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (AVG Anti-Spyware Guard [Auto | Running]) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
SRV - (Avg7Alrt [Auto | Running]) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
SRV - (Avg7UpdSvc [Auto | Running]) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
SRV - (AVGEMS [Auto | Running]) -- C:\Program Files\Grisoft\AVG7\avgemc.exe (GRISOFT, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (hpqwmi [On_Demand | Stopped]) -- C:\Program Files\HPQ\SHARED\HPQWMI.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (nmraapache [On_Demand | Stopped]) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (nmservice [Auto | Running]) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (sprtsvc_ddoctorv2 [Auto | Running]) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AVG Anti-Spyware Driver [System | Running]) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ()
DRV - (Avg7Core [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7core.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsW [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsXP [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o.)
DRV - (AvgAsCln [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys (GRISOFT, s.r.o.)
DRV - (AvgClean [System | Running]) -- C:\WINDOWS\System32\Drivers\avgclean.sys (GRISOFT, s.r.o.)
DRV - (AvgTdi [Auto | Running]) -- C:\WINDOWS\System32\Drivers\avgtdi.sys (GRISOFT, s.r.o.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\system32\drivers\EABFiltr.sys (Hewlett-Packard Company)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\eabusb.sys (Hewlett-Packard Company)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (pnarp [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\pnarp.sys (Pure Networks, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (purendis [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\purendis.sys (Pure Networks, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys (SMC)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SQTECH905C [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006\S-1-5-21-3967758748-3212591267-1499173043-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/12/25 17:36:33 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/05 23:41:35 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/05 23:41:34 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Components -> %ProgramFiles%\MOZILLA SUNBIRD\COMPONENTS [C:\PROGRAM FILES\MOZILLA SUNBIRD\COMPONENTS] -> [2008/12/25 16:20:30 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Plugins -> %ProgramFiles%\MOZILLA SUNBIRD\PLUGINS [C:\PROGRAM FILES\MOZILLA SUNBIRD\PLUGINS] -> [2008/12/25 16:20:30 00,000,000 | ---D | M]
FF - C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\mozilla\Extensions [2008/12/19 17:19:44 00,000,000 | ---D | M]
FF - C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241} [2008/12/19 17:19:44 00,000,000 | ---D | M]
FF - C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/12/19 16:25:40 00,000,000 | ---D | M]
FF - C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\mozilla\Firefox\Profiles\a2r20t9t.default\extensions [2009/03/05 23:42:46 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/03/05 13:13:19 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/05 23:41:34 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2008/12/25 17:37:15 00,000,000 | ---D | M]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 (SupportSoft, Inc.)
O4 - HKLM..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start (Hewlett-Packard )
O4 - HKLM..\Run: [EEventManager] "C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
O4 - HKLM..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe" (Qurb, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-20..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKU\S-1-5-21-3967758748-3212591267-1499173043-1006\..Trusted Sites: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.h...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} http://connect.comca..... Controls.cab (SupportSoft External Control)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.my-etrust...an/pestscan.cab (PSFormX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1216096488671 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www3.ca.com/s...nfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} http://www.cinemanow...Control_3_3.CAB (dlControl.UserControl1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {F46DBC27-03CB-4BDC-BD25-0B36EE2B2268} http://www.figware.c...d/wb3/setup.exe (InstallShield Setup Player 2K2)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - D:\autorun.inf () - [ CDFS ]

========== Files/Folders - Created Within 60 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/10 20:49:18 | 00,029,378 | ---- | C] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\pkunzip.exe
[2009/03/10 20:26:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user.YOUR-4105E587B6\My Documents\avz4
[2009/03/10 20:07:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\avz4
[2009/03/10 17:57:49 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/09 21:42:50 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/09 21:41:18 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\Rooter.exe
[2009/03/09 20:25:28 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\OTListIt2.exe
[2009/03/08 11:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/08 11:04:38 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\NTREGOPT.lnk
[2009/03/08 11:04:38 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\ERUNT.lnk
[2009/03/08 11:04:36 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/08 00:22:58 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\Spybot - Search & Destroy.lnk
[2009/03/05 23:57:39 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\HijackThis.lnk
[2009/03/05 23:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/05 23:44:29 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\GooredFix.exe
[2009/03/05 23:22:59 | 00,000,306 | ---- | C] () -- C:\WINDOWS\tasks\WebReg Photosmart C4380 series.job
[2009/03/05 01:17:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/05 01:17:04 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/05 01:16:55 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/03/05 01:16:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\SUPERAntiSpyware.com
[2009/03/05 01:07:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Malwarebytes
[2009/03/05 01:07:32 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/05 01:07:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/05 01:07:29 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/05 01:07:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/05 01:07:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/05 00:28:00 | 00,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E3D56D85-4787-495A-90B6-199898059B74}.job
[2009/03/05 00:19:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/03/05 00:14:15 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/05 00:10:45 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/03/04 23:32:42 | 00,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2009/03/04 22:40:10 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/03/04 22:00:46 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/03/04 22:00:46 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/03/04 22:00:46 | 00,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
[2009/03/04 21:42:42 | 79,533,2608 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/01 14:04:12 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/01 13:40:44 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/01 13:40:35 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/01 13:29:56 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/03/01 13:29:55 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/01 13:29:36 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/01 13:29:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/01 01:36:00 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\spybotsd162.exe
[2009/03/01 01:35:28 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2009/03/01 01:35:28 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2009/03/01 01:35:28 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/02/26 20:16:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\HPAppData
[2009/02/26 20:15:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2009/02/26 19:46:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\HP
[2009/02/26 19:36:50 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2009/02/26 19:35:21 | 00,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2009/02/26 19:34:14 | 00,001,960 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2009/02/26 19:29:23 | 00,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/02/26 19:28:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2009/02/26 19:28:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/02/26 19:20:15 | 00,165,328 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2009/02/26 19:20:15 | 00,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2009/02/26 19:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/02/20 04:07:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/02/20 02:00:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/02/20 02:00:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/02/20 02:00:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/02/20 02:00:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/02/20 01:57:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/02/20 01:52:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/02/20 01:44:19 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/02/20 01:44:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/01/16 22:39:09 | 00,001,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DSC-W35 Handbook (PDF).lnk
[2009/01/16 22:38:30 | 00,001,999 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Step-up Guide.lnk
[2009/01/16 22:38:30 | 00,001,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DSC-W55 Handbook (PDF).lnk
[2009/01/15 03:22:00 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/01/15 03:21:44 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/01/15 03:19:22 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/01/15 03:19:02 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/01/15 03:04:28 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll

========== Files - Modified Within 60 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/11 08:29:01 | 00,477,670 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/11 08:29:01 | 00,406,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/11 08:29:01 | 00,063,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/11 08:26:59 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/11 08:24:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/11 08:24:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/11 08:24:38 | 79,533,2608 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/11 03:08:33 | 00,375,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 03:05:02 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E3D56D85-4787-495A-90B6-199898059B74}.job
[2009/03/11 03:01:58 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 20:49:22 | 00,029,378 | ---- | M] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\pkunzip.exe
[2009/03/10 17:24:12 | 00,416,256 | ---- | M] () -- C:\Documents and Settings\user.YOUR-4105E587B6\My Documents\Molter_Cost_Review.xls
[2009/03/09 21:41:20 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\Rooter.exe
[2009/03/09 20:25:31 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\OTListIt2.exe
[2009/03/09 20:23:32 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\GooredFix.exe
[2009/03/08 12:54:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/08 12:54:03 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/08 11:04:38 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\NTREGOPT.lnk
[2009/03/08 11:04:38 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\ERUNT.lnk
[2009/03/08 00:22:58 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\Spybot - Search & Destroy.lnk
[2009/03/05 23:57:39 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\HijackThis.lnk
[2009/03/05 23:23:02 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Photosmart C4380 series.job
[2009/03/05 09:53:03 | 00,112,376 | ---- | M] () -- C:\Documents and Settings\user.YOUR-4105E587B6\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/05 01:17:04 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/05 01:07:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/05 00:22:24 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\user.YOUR-4105E587B6\My Documents\desktop.ini
[2009/03/04 22:28:48 | 00,000,696 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/04 22:01:09 | 00,000,243 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/03/04 22:01:09 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/03/01 13:40:16 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/01 13:29:55 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/01 12:28:04 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/01 01:39:25 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\spybotsd162.exe
[2009/02/26 19:46:58 | 00,165,328 | ---- | M] () -- C:\WINDOWS\hpoins21.dat
[2009/02/26 19:35:21 | 00,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2009/02/26 19:34:14 | 00,001,960 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2009/02/26 19:31:28 | 00,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/02/26 19:29:23 | 00,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/02/20 04:09:46 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/02/20 01:51:50 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/02/12 00:56:17 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/11 11:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 11:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/09 07:13:27 | 01,846,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2009/02/09 07:13:27 | 01,846,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2009/02/07 00:20:29 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/29 17:45:58 | 00,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InterActual Player.lnk
[2009/01/16 22:43:14 | 00,001,999 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Step-up Guide.lnk
[2009/01/16 22:43:14 | 00,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DSC-W55 Handbook (PDF).lnk
[2009/01/16 22:42:47 | 00,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DSC-W35 Handbook (PDF).lnk
[2009/01/15 03:22:22 | 01,228,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2009/01/15 03:22:22 | 01,228,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/01/15 03:22:00 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/01/15 03:21:44 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/01/15 03:19:22 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll.mui
[2009/01/15 03:19:22 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/01/15 03:19:02 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/01/15 03:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/01/15 03:17:22 | 00,392,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/01/15 03:17:22 | 00,392,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/01/15 03:13:18 | 05,888,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/01/15 03:13:18 | 05,888,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/01/15 03:12:12 | 10,963,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/01/15 03:12:12 | 10,963,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/01/15 03:06:48 | 01,182,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2009/01/15 03:06:48 | 01,182,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/01/15 03:06:44 | 01,467,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/01/15 03:06:44 | 01,467,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/01/15 03:06:22 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009/01/15 03:06:08 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll
[2009/01/15 03:06:08 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2009/01/15 03:06:00 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2009/01/15 03:06:00 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2009/01/15 03:05:42 | 00,911,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2009/01/15 03:05:42 | 00,911,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/01/15 03:05:34 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/01/15 03:05:34 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/01/15 03:05:34 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2009/01/15 03:05:34 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/01/15 03:05:34 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2009/01/15 03:05:34 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2009/01/15 03:04:56 | 00,755,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2009/01/15 03:04:28 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/01/15 03:04:28 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2009/01/15 03:04:16 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/01/15 03:04:16 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/01/15 03:03:58 | 00,724,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/01/15 03:03:58 | 00,724,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/01/15 03:03:50 | 00,228,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2009/01/15 03:03:50 | 00,228,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2009/01/15 03:03:42 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2009/01/15 03:03:42 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2009/01/15 03:03:36 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2009/01/15 03:03:36 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2009/01/15 03:03:32 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admparse.dll
[2009/01/15 03:03:32 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\admparse.dll
[2009/01/15 03:03:28 | 00,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/01/15 03:03:28 | 00,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/01/15 03:03:20 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2009/01/15 03:03:20 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2009/01/15 03:03:18 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iesetup.dll
[2009/01/15 03:03:18 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iesetup.dll
[2009/01/15 03:03:18 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/01/15 03:03:14 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inseng.dll
[2009/01/15 03:03:14 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/01/15 03:03:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2009/01/15 03:03:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2009/01/15 03:03:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2009/01/15 03:03:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2009/01/15 03:02:50 | 01,975,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2009/01/15 03:02:50 | 01,975,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/01/15 03:02:40 | 00,593,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/01/15 03:02:40 | 00,593,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/01/15 03:02:20 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2009/01/15 03:02:20 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/01/15 03:01:52 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/01/15 03:01:52 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/01/15 03:01:42 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2009/01/15 03:01:40 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2009/01/15 03:01:40 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/01/15 03:01:40 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/01/15 03:01:40 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/01/15 03:01:26 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imgutil.dll
[2009/01/15 03:01:26 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imgutil.dll
[2009/01/15 03:01:22 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2009/01/15 03:01:22 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/01/15 03:01:18 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2009/01/15 03:01:18 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/01/15 03:01:16 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2009/01/15 03:01:16 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/01/15 03:01:06 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2009/01/15 03:01:06 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/01/15 03:00:46 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmler.dll
[2009/01/15 03:00:46 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmler.dll
[2009/01/15 03:00:40 | 01,639,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.tlb
[2009/01/15 03:00:40 | 01,639,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.tlb
[2009/01/15 03:00:38 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe
[2009/01/15 03:00:38 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2009/01/15 03:00:36 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tdc.ocx
[2009/01/15 03:00:36 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2009/01/15 02:53:40 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2009/01/15 02:50:50 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieui.dll
[2009/01/15 02:50:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msls31.dll
[2009/01/15 02:50:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msls31.dll
[2009/01/15 02:39:06 | 00,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2009/01/15 02:35:10 | 00,445,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2009/01/15 02:35:10 | 00,445,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/01/11 01:00:34 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll

========== LOP Check ==========

[2009/03/05 01:17:29 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/11 08:50:23 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{233A9927-A3CE-4E43-B2F3-0D43142910D8}
[2008/12/25 16:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/03/01 13:29:56 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2007/06/09 15:51:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F5E59C2F-E2F7-4721-9E8D-16A18D7814EF}
[2008/03/11 18:18:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/04/28 17:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2008/02/02 18:07:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/12/25 16:19:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/02/04 22:25:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2007/06/02 12:39:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2006/06/11 19:41:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2006/06/11 19:41:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2005/12/28 02:49:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/08/13 06:53:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2009/03/10 17:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2007/12/25 01:56:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/02/26 19:20:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2008/08/17 16:22:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/02/26 19:28:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/02/26 19:28:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2005/11/19 14:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hpqwmi
[2005/08/08 07:52:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2007/04/13 14:27:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/03/01 13:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/04/14 12:45:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/03/05 01:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2007/04/14 15:33:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2005/08/08 08:10:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/05/19 21:49:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2005/08/08 08:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2005/08/08 06:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/01/17 21:17:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2009/03/08 00:42:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/03/05 01:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2007/12/01 17:26:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2005/12/28 02:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/03/09 20:17:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/09 20:20:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/02/26 20:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2007/06/15 11:13:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2005/08/08 08:11:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2005/08/08 08:02:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Apple Computer
[2005/08/08 06:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2005/08/08 08:28:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2005/08/08 08:11:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Symantec
[2005/08/08 07:15:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2007/05/29 10:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2005/08/08 07:15:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/05/29 02:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2005/08/08 07:15:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2007/07/11 14:53:43 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/06/20 11:56:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\user\Application Data
[2006/02/01 19:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\acccore
[2007/04/13 19:07:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Adobe
[2006/05/04 10:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AdobeUM
[2005/08/08 08:02:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Apple Computer
[2006/06/29 22:10:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ArcSoft
[2007/06/30 16:19:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG7
[2006/06/30 10:57:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\EPSON
[2006/10/15 12:44:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Google
[2006/02/18 23:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Help
[2006/04/23 22:11:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Identities
[2007/04/13 14:25:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InstallShield
[2005/12/26 15:28:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterVideo
[2007/04/13 14:29:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Intuit
[2006/06/29 21:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2006/03/13 20:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Macromedia
[2006/10/13 19:10:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\user\Application Data\Microsoft
[2007/06/30 23:11:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org2
[2006/01/17 21:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sony Corporation
[2006/01/04 20:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sun
[2005/12/26 10:39:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Symantec
[2006/01/10 20:37:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Template
[2006/06/23 21:45:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Viewpoint
[2009/03/08 23:35:03 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data
[2008/05/16 13:37:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Adobe
[2008/06/04 10:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\AdobeUM
[2009/01/09 22:33:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Apple Computer
[2008/08/19 00:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\ArcSoft
[2008/02/04 22:28:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Autodesk
[2009/03/05 09:56:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\AVG7
[2007/12/26 17:24:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Disney Mix It Plug-in
[2007/07/01 16:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\EPSON
[2007/07/03 10:30:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Google
[2007/08/08 08:55:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Help
[2008/08/17 16:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\HotSync
[2009/02/26 19:46:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\HP
[2009/03/11 08:35:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\HPAppData
[2005/08/08 06:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Identities
[2007/08/03 12:18:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\InterVideo
[2008/05/12 16:10:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Intuit
[2008/01/15 00:53:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Lavasoft
[2008/08/17 16:31:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Leadertech
[2008/01/31 19:17:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\LimeWire
[2007/07/01 22:35:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Macromedia
[2009/03/05 01:07:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Malwarebytes
[2009/03/04 22:33:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Microsoft
[2008/12/19 16:25:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Mozilla
[2009/03/10 16:22:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\OpenOffice.org2
[2008/12/19 17:19:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Participatory Culture Foundation
[2008/12/19 17:25:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\PCF-VLC
[2008/03/31 10:35:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Real
[2009/02/10 10:19:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Sony Corporation
[2007/07/07 17:31:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Sun
[2009/03/05 01:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\SUPERAntiSpyware.com
[2005/08/08 08:11:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Symantec
[2008/09/16 12:56:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Talkback
[2007/08/07 23:04:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Template
[2007/11/12 11:18:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Viewpoint
[2007/12/05 14:17:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user.YOUR-4105E587B6\Application Data\Yahoo!
[2009/03/08 12:54:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/02/07 00:20:29 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/03/11 08:24:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/03/11 03:05:02 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E3D56D85-4787-495A-90B6-199898059B74}.job
[2009/03/05 23:23:02 | 00,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg Photosmart C4380 series.job

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 894 bytes -> C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\PowerSchool Parent Logon.url:favicon
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDBBA690
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\user.YOUR-4105E587B6\Desktop\g-mail.url:favicon
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#19
swa737pilot

Here is the extras.txt for OTListit:

OTListIt Extras logfile created on: 3/11/2009 8:32:12 AM - Run 5
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\user.YOUR-4105E587B6\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.42 Mb Total Physical Memory | 365.33 Mb Available Physical Memory | 48.17% Memory free
1.06 Gb Paging File | 0.70 Gb Available in Paging File | 65.59% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 13.45 Gb Free Space | 36.11% Space Free | Partition Type: NTFS
Drive D: | 60.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 62.09 Mb Total Space | 34.08 Mb Free Space | 54.89% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4105E587B6
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 60 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3967758748-3212591267-1499173043-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
C:\Program Files\Common Files\AOL\1138836900\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1138836900\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\Common Files\AOL\1139018904\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1139018904\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\WBid\WBid.exe:*:Enabled:WBID (FigWare, Inc.)
C:\Program Files\Common Files\AOL\1142219770\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1142219770\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\Common Files\AOL\1142296925\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1142296925\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\Common Files\AOL\1146259002\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1146259002\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax (Intuit, Inc.)
C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager (Intuit, Inc.)
C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe (GRISOFT, s.r.o.)
C:\Program Files\Rosetta Stone\RS2.1.5.1Asms\Discover.exe:*:Enabled:Rosetta Stone SMS Discovery Tool (Fairfield Language Technologies)
C:\Program Files\Rosetta Stone\RS2.1.5.1Asms\Rosetta Stone.exe:*:Enabled:Rosetta Stone Application File not found
C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax (Intuit, Inc.)
C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager (Intuit, Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe ()
C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)
C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe (Hewlett-Packard)
C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service (Pure Networks, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06ECCCF4-9295-468E-851C-9529A7C181E8}" = HP User Guides 0001
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0F1649F6-F84B-41B2-980B-D2371BA389B3}" = Network Magic
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{183135A3-2CE8-43B5-BA5A-757EBAECB413}" = Disney Pix Micro Downloader
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2816F7DF-B377-4E3C-B201-9E2A037078EF}" = 3D Home Architect Home Design SE 6
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A203EE3-CF45-4B78-8186-7EAF1E83B109}" = VICTORia Trim and Tone
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3D0E8F20-748C-4dac-9A5F-9CAC86F0E848}" = 1500
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51D43E6D-9B84-4b69-AA14-27113796A94D}" = 1500_Help
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{618F637A-5D4D-48F4-9679-D02F45BD4315}" = LS_HSI
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766E4715-B801-46B3-9D91-12288AB88428}" = DB CIF Cam
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9B076678-4FDB-4EFD-A962-E5DF53A08DC5}" = POI Loader
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A1C8D94A-4303-4489-B585-4B6E6CD408CB}" = OpenOffice.org 2.2
"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AEBEF8E1-11B9-4458-A619-14EEE48A5BB4}" = Pure Networks Platform
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B1A9CD45-A702-4E3B-91ED-8CD562869901}" = DWG TrueView 2008
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CD53B28C-6361-11D6-A055-00105A2A192A}" = WBid 3.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC8235CC-3D5A-4D32-94BE-E2F0A1749920}" = Disney Pix 2.0
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E249833F-0873-4222-88FA-9D827233A7F4}" = The Print Shop Photo Workshop
"{E6F6231A-4FA3-47fe-A0DB-B113160C8DD3}" = 1500Trb
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG7Uninstall" = AVG 7.5
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"CEP3 - Colour Options for The Sims 2_is1" = CEP3 - Color Enable Package 3
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C" = Soft Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"CUZ4_is1" = CAM UnZip 4.42
"DWG TrueView 2008" = DWG TrueView 2008
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"eTrust EZ Armor" = eTrust EZ Armor
"FreeZip" = FreeZip
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo & Imaging" = HP Image Zone 4.7
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"InstallShield_{2816F7DF-B377-4E3C-B201-9E2A037078EF}" = 3D Home Architect Home Design SE 6
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"InterActual Player" = InterActual Player
"LEGOLANDDeInstKey" = LEGOLAND
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matchbox Emergency Patrol" = Matchbox® Emergency Patrol™
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Miro" = Miro
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"Mozilla Sunbird (0.8)" = Mozilla Sunbird (0.8)
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"Picasa2" = Picasa 2
"RealPlayer 6.0" = RealPlayer
"RoadRunner" = RoadRunner
"Rosetta Stone 2.1.5.1Asms" = Rosetta Stone 2.1.5.1Asms
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"Silent Package Run-Time Sample" = EPSON Perf 3490 3590 Guide
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"UnRAR for Windows" = UnRAR for Windows
"Vehicle Voyages" = Vehicle Voyages
"Virtools3DLifePlayer" = Virtools 3D Life Player
"WBid" = WBid
"WBid 3.1" = WBid 3.1
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/4/2009 10:54:17 PM | Computer Name = YOUR-4105E587B6 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x00037423.

Error - 3/5/2009 11:27:32 PM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.4.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2009 11:30:48 PM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.4.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2009 11:36:07 PM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.4.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:43:12 AM | Computer Name = YOUR-4105E587B6 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18372, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x00037423.

Error - 3/8/2009 10:55:12 AM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application ATF_Cleaner[1].exe, version 3.0.0.2, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 11:45:37 PM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/8/2009 11:45:37 PM | Computer Name = YOUR-4105E587B6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/9/2009 7:31:53 AM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application Spyware-Doctor-6.0.0.362j[1].tmp, version 51.49.0.0,
hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/10/2009 8:00:13 PM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.3.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/10/2009 6:01:32 PM | Computer Name = YOUR-4105E587B6 | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 3/10/2009 6:07:16 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/10/2009 10:45:52 PM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/11/2009 3:10:27 AM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/11/2009 3:15:05 AM | Computer Name = YOUR-4105E587B6 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.192 for the Network Card with network
address 0014A519C268 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/11/2009 4:11:36 AM | Computer Name = YOUR-4105E587B6 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
PC296772421622 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{DF5701B4-ABCD. The master browser is stopping or an election is being
forced.

Error - 3/11/2009 5:37:44 AM | Computer Name = YOUR-4105E587B6 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
PC296772421622 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{DF5701B4-ABCD. The master browser is stopping or an election is being
forced.

Error - 3/11/2009 7:09:17 AM | Computer Name = YOUR-4105E587B6 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
PC296772421622 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{DF5701B4-ABCD. The master browser is stopping or an election is being
forced.

Error - 3/11/2009 8:26:31 AM | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/11/2009 8:31:13 AM | Computer Name = YOUR-4105E587B6 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.192 for the Network Card with network
address 0014A519C268 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >


As I said, I couldn't run security check, and I am still getting re-directed. Thanks, Steve

#20
RatHat

Hi there,

Sorry about the late reply, had a few things to get sorted at home.

Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon
  • Click on the Scan button
  • When the scan is complete, click the Save Log button
  • Save the log to your desktop as Daft.txt
  • Post the contents of the log in your next reply
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Run an ESET online scan here.

Note: You will need to use Internet Explorer for this scan!
  • First, accept the Terms of Use
  • Click: Start
  • When asked, allow the ActiveX control to install
  • Click: Start
  • Make sure the options:
    Remove found threats, and Scan unwanted applications are both checked!
  • Click: Scan
When the scan finishes, use Notepad to open the ESET report.
It will be located in your Program Files folder, usually: C:\Program Files\EsetOnlineScanner\log.txt

Copy the text and paste it into your next reply.

#21
swa737pilot

RatHat,

Your link to DAFT was not working. I received a website not available message. I was still being redirected after the scan. Thanks, Steve

Here is the ESET log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3930 (20090312)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=7cd4f0fed39c064c80fbe9e52aae70f7
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-12 03:34:28
# local_time=2009-03-12 11:34:28 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=493753
# found=1
# scan_time=5626
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application (unable to clean - deleted) 00000000000000000000000000000000

#22
RatHat

Steve,

For DAFT please download it from here and run it as outlined above.

Also, please run an online scan with Kaspersky WebScanner.
Note: You must disable your Anti Virus program during the scan. If you are unsure of how to disable these programs, please refer to this page for details.
  • Click the Accept button to agree to the disclaimer.
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded and updated, click on My Computer in the Scan settings.
  • This will start the scan of your system.
  • The scan will take a while, so be patient and let it run until it is complete.
  • Now click on the View scan report link.
  • Click the Save report as button.
  • Under Save as type, choose Text file (*.txt).
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.

#23
swa737pilot

RatHat,
When I download Kaspersky, I get a message that I need Java 1.5 or greater to run. I have Java 1.6 on my machine. I can never get to the "accept" terms of use, because it won't recognize my current Java 1.6. I did run Daft though, here are the results:

DAFT Log saved on 2009-03-12 18:10:49
-----------------------------------------------------------------------
.scr - DWGTrueViewScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"

#24
RatHat

OK, let's run Combofix.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are unsure of how to disable these programs, please refer to this page for details.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Note: If you are unsure about anything, a very good Combofix tutorial can be found here.

#25
swa737pilot

RatHat,

Here is the log for ComboFix:

ComboFix 09-03-13.01 - user 2009-03-13 20:13:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.758.307 [GMT -4:00]
Running from: c:\documents and settings\user.YOUR-4105E587B6\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-14 to 2009-03-14 )))))))))))))))))))))))))))))))
.

2009-03-13 07:33 . 2009-03-13 07:33 <DIR> d-------- c:\documents and settings\user.YOUR-4105E587B6\Application Data\TaxCut
2009-03-13 07:31 . 2009-03-13 07:32 <DIR> d-------- c:\program files\TaxCut08
2009-03-13 07:31 . 2009-03-13 07:31 <DIR> d-------- c:\program files\PDF995
2009-03-13 07:29 . 2009-03-13 07:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\TaxCut
2009-03-12 20:09 . 2009-03-12 20:08 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-12 09:48 . 2009-03-12 11:34 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-03-10 17:57 . 2009-03-10 17:57 <DIR> d-------- C:\_OTListIt
2009-03-09 21:42 . 2009-03-09 21:43 <DIR> d-------- C:\Rooter$
2009-03-08 11:04 . 2009-03-08 11:05 <DIR> d-------- c:\program files\ERUNT
2009-03-05 23:57 . 2009-03-05 23:57 <DIR> d-------- c:\program files\Trend Micro
2009-03-05 01:17 . 2009-03-05 01:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-05 01:16 . 2009-03-05 01:44 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-05 01:16 . 2009-03-05 01:16 <DIR> d-------- c:\documents and settings\user.YOUR-4105E587B6\Application Data\SUPERAntiSpyware.com
2009-03-05 01:07 . 2009-03-05 01:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 01:07 . 2009-03-05 01:07 <DIR> d-------- c:\documents and settings\user.YOUR-4105E587B6\Application Data\Malwarebytes
2009-03-05 01:07 . 2009-03-05 01:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-05 01:07 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 01:07 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-05 00:28 . 2009-03-05 00:28 <DIR> d--hs---- c:\documents and settings\user.YOUR-4105E587B6\IECompatCache
2009-03-05 00:25 . 2009-03-05 00:25 <DIR> d--hs---- c:\documents and settings\user.YOUR-4105E587B6\PrivacIE
2009-03-05 00:25 . 2009-03-05 00:25 <DIR> d--hs---- c:\documents and settings\user.YOUR-4105E587B6\IETldCache
2009-03-05 00:19 . 2009-03-05 00:19 <DIR> d-------- c:\windows\ie8updates
2009-03-05 00:14 . 2009-03-05 00:16 <DIR> d--h-c--- c:\windows\ie8
2009-03-05 00:10 . 2009-01-11 01:00 79,360 --------- c:\windows\system32\dllcache\iecompat.dll
2009-03-04 23:32 . 2009-03-09 20:13 <DIR> d-------- c:\program files\Eusing Free Registry Cleaner
2009-03-01 14:04 . 2009-03-01 13:40 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-01 13:40 . 2009-03-08 12:54 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-01 13:29 . 2009-03-01 13:29 <DIR> d-------- c:\program files\Lavasoft
2009-03-01 13:29 . 2009-03-01 13:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-01 13:29 . 2009-03-01 13:29 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-01 01:35 . 2009-03-01 01:35 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-03-01 01:35 . 2009-03-01 01:35 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-01 01:35 . 2009-03-01 01:35 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-02-26 20:16 . 2009-03-13 20:11 <DIR> d-------- c:\documents and settings\user.YOUR-4105E587B6\Application Data\HPAppData
2009-02-26 20:15 . 2009-02-26 20:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2009-02-26 19:46 . 2009-02-26 19:46 <DIR> d-------- c:\documents and settings\user.YOUR-4105E587B6\Application Data\HP
2009-02-26 19:36 . 2007-11-01 07:28 970,752 -ra------ c:\windows\system32\hpotiop5.dll
2009-02-26 19:36 . 2007-11-01 07:28 729,088 -ra------ c:\windows\system32\hpowiax5.dll
2009-02-26 19:36 . 2007-11-01 07:28 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2009-02-26 19:36 . 2007-11-01 07:28 309,760 -ra------ c:\windows\system32\difxapi.dll
2009-02-26 19:36 . 2007-11-01 07:28 303,104 -ra------ c:\windows\system32\hpovst12.dll
2009-02-26 19:28 . 2009-02-26 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-26 19:28 . 2009-02-26 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-02-26 19:20 . 2009-02-26 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-02-26 19:20 . 2009-02-26 19:46 165,328 --a------ c:\windows\hpoins21.dat
2009-02-26 19:20 . 2008-02-13 05:15 7,262 --------- c:\windows\hpomdl21.dat
2009-02-26 19:19 . 2007-12-06 19:55 271,704 -ra------ c:\windows\system32\hpzids01.dll
2009-02-26 19:19 . 2007-03-15 16:32 118,272 --a------ c:\windows\system32\hpz3l5ha.dll
2009-02-20 02:00 . 2009-02-20 02:00 <DIR> d-------- c:\windows\system32\scripting
2009-02-20 02:00 . 2009-02-20 02:00 <DIR> d-------- c:\windows\system32\en
2009-02-20 02:00 . 2009-02-20 02:00 <DIR> d-------- c:\windows\system32\bits
2009-02-20 02:00 . 2009-02-20 02:00 <DIR> d-------- c:\windows\l2schemas
2009-02-20 01:57 . 2009-02-20 02:01 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-20 01:44 . 2009-02-20 01:44 <DIR> d-------- c:\windows\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 18:17 --------- d-----w c:\documents and settings\user.YOUR-4105E587B6\Application Data\OpenOffice.org2
2009-03-13 14:21 --------- d-----w c:\program files\palmOne
2009-03-13 00:08 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-11 13:57 --------- d-----w c:\program files\WBid
2009-03-10 21:58 --------- d-----w c:\program files\Google
2009-03-10 00:20 --------- d-----w c:\program files\Viewpoint
2009-03-10 00:20 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-10 00:17 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-10 00:16 --------- d-----w c:\program files\Java
2009-03-08 04:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-08 04:22 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-05 13:56 --------- d-----w c:\documents and settings\user.YOUR-4105E587B6\Application Data\AVG7
2009-03-05 05:15 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-05 02:31 --------- d-----w c:\program files\Yahoo!
2009-03-05 02:30 --------- d-----w c:\program files\Hasbro Interactive
2009-03-05 02:29 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-05 02:22 --------- d-----w c:\program files\Easy Internet signup
2009-03-05 02:21 --------- d-----w c:\program files\Disney
2009-02-26 23:41 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 23:34 --------- d-----w c:\program files\Hewlett-Packard
2009-02-26 23:28 --------- d-----w c:\program files\Hp
2009-02-10 14:19 --------- d-----w c:\documents and settings\user.YOUR-4105E587B6\Application Data\Sony Corporation
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-17 02:38 --------- d-----w c:\program files\Sony
2009-01-15 07:17 636,264 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-01-15 07:17 392,040 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-01-15 07:13 5,888,512 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-15 07:12 10,963,968 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-01-15 07:06 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-01-15 07:06 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2009-01-15 07:06 1,182,720 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-01-15 07:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-15 07:05 911,872 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-01-15 07:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-01-15 07:05 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-01-15 07:05 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-01-15 07:05 109,056 ----a-w c:\windows\system32\dllcache\occache.dll
2009-01-15 07:04 755,200 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-01-15 07:04 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-01-15 07:04 18,944 ----a-w c:\windows\system32\corpol.dll
2009-01-15 07:04 18,944 ------w c:\windows\system32\dllcache\corpol.dll
2009-01-15 07:02 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-01-15 07:02 593,920 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-01-15 07:02 1,975,296 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-01-15 07:01 66,560 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2009-01-15 07:01 59,904 ----a-w c:\windows\system32\dllcache\icardie.dll
2009-01-15 07:01 54,272 ----a-w c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-15 07:01 46,592 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2009-01-15 07:01 348,160 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
2009-01-15 07:01 34,304 ----a-w c:\windows\system32\imgutil.dll
2009-01-15 07:01 34,304 ----a-w c:\windows\system32\dllcache\imgutil.dll
2009-01-15 07:01 216,064 ----a-w c:\windows\system32\dllcache\dxtrans.dll
2009-01-15 07:01 183,808 ----a-w c:\windows\system32\dllcache\iepeers.dll
2009-01-15 07:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-15 07:00 48,128 ----a-w c:\windows\system32\dllcache\mshtmler.dll
2009-01-15 07:00 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-15 07:00 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
2009-01-15 06:53 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-01-15 06:50 156,160 ----a-w c:\windows\system32\msls31.dll
2009-01-15 06:50 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-01-15 06:35 445,440 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2008-12-20 23:15 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-11-16 22:03 5,324 ----a-w c:\documents and settings\user.YOUR-4105E587B6\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-08 185896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"QOELOADER"="c:\program files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe" [2006-04-21 6656]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 451896]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 451896]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-22 155648]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-22 126976]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-24 590848]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-08 515416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-26 219136]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

c:\documents and settings\user.YOUR-4105E587B6\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2008-08-17 2367488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WBid\\WBid.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Rosetta Stone\\RS2.1.5.1Asms\\Discover.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"80:TCP"= 80:TCP:WWW

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-01 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951120]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-08 12:52]

2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-13 c:\windows\Tasks\User_Feed_Synchronization-{E3D56D85-4787-495A-90B6-199898059B74}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 03:01]

2009-03-13 c:\windows\Tasks\WebReg Photosmart C4380 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-14 21:40]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uDefault_Search_URL =
mStart Page = about:blank
mSearch Bar =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: turbotax.com
DPF: {F46DBC27-03CB-4BDC-BD25-0B36EE2B2268} - hxxp://www.figware.com/download/wb3/setup.exe
FF - ProfilePath - c:\documents and settings\user.YOUR-4105E587B6\Application Data\Mozilla\Firefox\Profiles\a2r20t9t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 20:23:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????P??|?@???? ?,?B?????????????hLC? ??????

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-13 20:28:35
ComboFix-quarantined-files.txt 2009-03-14 00:27:09

Pre-Run: 13,798,809,600 bytes free
Post-Run: 14,905,458,688 bytes free

265 --- E O F --- 2009-03-11 07:02:14

#26
RatHat


    Ex Malware Expert

  • Expert
  • 7,829 posts
Like I said, these google redirects can be a bugger to find! You will need to print this post out as you need to go into Safe Mode and this forum will not be available to you.

Download a new version of GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done, click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download this Rootkit detector and save to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on file downloaded to start the program. (If running Vista, right click on this file and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if the utility detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit this program and re-enable all active protection when done.


#27
swa737pilot


    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
RatHat,
ComboFix appears to have stopped the redirects! If you think I should continue with the other fixes, let me know.

ขอบคุณครับ [Thank you], Steve

#28
RatHat


    Ex Malware Expert

  • Expert
  • 7,829 posts
Steve,

Combofix didn't remove anything according to its log, so I would prefer if you would run the other fixes, just so we can make doubly sure that what was causing them has gone.


ขอบคุณครับ [Thank you], Steve


:) And thank you too Steve! Fortunately, I can read some Thai, I am English, but my wife is Thai, so is able to translate when I get stuck!

#29
swa737pilot


    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
RatHat,
Here is the GooredLog:

GooredFix v1.92 by jpshortstuff
Log created at 18:45 on 14/03/2009 running Option #1 (user)
Firefox version 3.0.7 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

#30
RatHat


    Ex Malware Expert

  • Expert
  • 7,829 posts
Well, that one is OK. Let's see if the other two bring anything in.