
ping.exe process results in Google redirect



Howdy, gang. My wife made one wrong mouse click yesterday and XP Security 2012 managed to sneak onto her desktop. I have run multiple scans of Malwarebytes, Spybot and SuperAntiSpyware with limited success. I seem to have removed most of the malware, but what is left behind is a "ping.exe" running process that causes Google to redirect... and also causes internet privacy settings to change automatically and accept ALL cookies. The weird thing is that when I click on ping.exe in the task manager and "end" the process, I can search the internet without issue. The problem is that ping.exe restarts itself after a few minutes and the browser redirecting begins again. Her computer is running Windows XP SP2. I ran Malwarebytes (again) about an hour ago and found a couple of things which were seemingly fixed after rebooting.

I just ran another scan and found nothing. Oh... and I have run Kaspersky TDSSKiller three times and each time ZERO threats were found. Here are the logs:

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.11

Run by HP_Owner at 18:31:47 on 2011-12-04

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.276 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\ATT-SST\McciTrayApp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\java.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\eFax Messenger 4.4\J2GTray.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\WINDOWS\System32\ping.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe

mRun: [HPHmon06] c:\windows\system32\hphmon06.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [VTTimer] VTTimer.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"

mRun: [bJCFD] c:\program files\broadjump\client foundation\CFD.exe

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [Omnipage] c:\program files\scansoft\omnipagese\opware32.exe

mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe

mRun: [HelpCenter4.1] c:\program files\fastaccessdsl\helpcenter43\bin\sprtcmd.exe /P HelpCenter4.1

mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [Nike+ Connect] "c:\program files\nike\nike+ connect\Nike+ Connect daemon.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: $talisma_url$

Trusted Zone: intersourcing.com

Trusted Zone: turbotax.com

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {380BBEC2-4CAE-4ECE-8AFF-36CDE7916386} - hxxps://learn.ultimatesoftware.com/URA/URA/lib/srdp.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

DPF: {54CE37E0-9834-41AE-9896-4DAB69DC022B} - hxxps://learn.ultimatesoftware.com/URA/URA/lib/srdp.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{8C400804-A2D7-452B-8FB3-216E55CD9025} : DhcpNameServer = 192.168.1.254

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\8vmzxgh5.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]

.

=============== Created Last 30 ================

.

2011-12-04 23:08:07 388096 ----a-r- c:\documents and settings\hp_owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-12-04 22:35:16 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{f5b8cd4a-3114-4316-9511-6be6864d5a1a}\offreg.dll

2011-12-04 12:02:40 -------- d-----w- c:\program files\MicrosoftSecurityScanner

2011-12-03 22:31:16 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{f5b8cd4a-3114-4316-9511-6be6864d5a1a}\mpengine.dll

2011-12-03 22:28:17 17059528 ----a-w- c:\program files\windows defender\windowsdefender\mpas-fe.exe

2011-12-03 22:26:54 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll

.

==================== Find3M ====================

.

2011-10-18 20:43:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2009-10-13 02:12:04 3309072 ----a-w- c:\program files\ccsetup224.exe

2008-09-22 21:59:39 2189864 ----a-w- c:\program files\mbam-setup.exe

2008-09-10 22:38:52 15083520 ----a-w- c:\program files\Spybot-search and destroy.exe

2008-04-07 11:43:05 10466656 ----a-w- c:\program files\winzip111.exe

2007-02-06 13:43:31 5186048 ----a-w- c:\program files\WindowsDefender.msi

2007-01-02 02:38:24 2808271 ----a-w- c:\program files\DVD2iPod_210_sdne1230erw.exe

2007-01-02 02:35:16 3088084 ----a-w- c:\program files\Video2iPod_202_qwer1204rewq.exe

.

============= FINISH: 18:32:43.96 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 11/14/2004 3:57:23 PM

System Uptime: 12/4/2011 5:34:45 PM (1 hours ago)

.

Motherboard: ASUSTek Computer INC. | | Kelut

Processor: AMD Athlon XP 3200+ | Socket A | 2199/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 180 GiB total, 74.457 GiB free.

D: is FIXED (FAT32) - 6 GiB total, 0.753 GiB free.

E: is CDROM ()

F: is CDROM ()

H: is Removable

I: is Removable

J: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1601: 9/6/2011 8:19:16 AM - Software Distribution Service 3.0

RP1602: 9/6/2011 8:24:46 AM - Software Distribution Service 3.0

RP1603: 9/7/2011 8:19:39 AM - Software Distribution Service 3.0

RP1604: 9/7/2011 10:17:23 PM - Software Distribution Service 3.0

RP1605: 9/8/2011 10:45:34 PM - System Checkpoint

RP1606: 9/9/2011 7:16:03 AM - Software Distribution Service 3.0

RP1607: 9/9/2011 7:24:17 AM - Software Distribution Service 3.0

RP1608: 9/9/2011 10:41:37 AM - Software Distribution Service 3.0

RP1609: 9/12/2011 9:02:17 AM - System Checkpoint

RP1610: 9/13/2011 1:45:42 AM - Software Distribution Service 3.0

RP1611: 9/13/2011 3:00:40 AM - Software Distribution Service 3.0

RP1612: 9/13/2011 2:35:02 PM - Software Distribution Service 3.0

RP1613: 9/17/2011 11:07:10 AM - Software Distribution Service 3.0

RP1614: 9/18/2011 3:00:50 AM - Software Distribution Service 3.0

RP1615: 9/19/2011 3:00:49 AM - Software Distribution Service 3.0

RP1616: 9/20/2011 3:00:41 AM - Software Distribution Service 3.0

RP1617: 9/20/2011 1:30:05 PM - Software Distribution Service 3.0

RP1618: 9/20/2011 6:54:03 PM - Software Distribution Service 3.0

RP1619: 9/21/2011 8:16:08 AM - Software Distribution Service 3.0

RP1620: 9/21/2011 8:36:04 AM - Software Distribution Service 3.0

RP1621: 9/21/2011 9:39:02 PM - Software Distribution Service 3.0

RP1622: 9/23/2011 6:45:54 AM - Software Distribution Service 3.0

RP1623: 9/23/2011 6:58:08 AM - Software Distribution Service 3.0

RP1624: 9/24/2011 12:04:22 PM - Software Distribution Service 3.0

RP1625: 9/24/2011 11:14:32 PM - Software Distribution Service 3.0

RP1626: 9/26/2011 9:09:43 AM - System Checkpoint

RP1627: 9/26/2011 5:38:42 PM - Software Distribution Service 3.0

RP1628: 9/27/2011 9:43:03 AM - Software Distribution Service 3.0

RP1629: 9/27/2011 2:15:59 PM - Software Distribution Service 3.0

RP1630: 9/29/2011 7:14:32 AM - System Checkpoint

RP1631: 9/29/2011 9:14:06 PM - Software Distribution Service 3.0

RP1632: 9/30/2011 12:36:30 PM - Software Distribution Service 3.0

RP1633: 10/1/2011 3:00:45 AM - Software Distribution Service 3.0

RP1634: 10/1/2011 10:36:31 AM - Software Distribution Service 3.0

RP1635: 10/2/2011 11:21:19 AM - System Checkpoint

RP1636: 10/2/2011 11:44:46 AM - Software Distribution Service 3.0

RP1637: 10/4/2011 1:55:38 PM - Software Distribution Service 3.0

RP1638: 10/5/2011 3:01:16 AM - Software Distribution Service 3.0

RP1639: 10/6/2011 3:01:02 AM - Software Distribution Service 3.0

RP1640: 10/7/2011 2:29:16 AM - Software Distribution Service 3.0

RP1641: 10/7/2011 3:01:09 AM - Software Distribution Service 3.0

RP1642: 10/8/2011 3:01:18 AM - Software Distribution Service 3.0

RP1643: 10/9/2011 3:01:20 AM - Software Distribution Service 3.0

RP1644: 10/10/2011 3:01:02 AM - Software Distribution Service 3.0

RP1645: 10/11/2011 1:55:39 AM - Software Distribution Service 3.0

RP1646: 10/11/2011 3:01:20 AM - Software Distribution Service 3.0

RP1647: 10/12/2011 1:54:42 AM - Software Distribution Service 3.0

RP1648: 10/12/2011 3:01:31 AM - Software Distribution Service 3.0

RP1649: 10/13/2011 6:23:18 AM - System Checkpoint

RP1650: 10/18/2011 4:49:16 PM - Software Distribution Service 3.0

RP1651: 10/19/2011 4:42:57 AM - Software Distribution Service 3.0

RP1652: 10/20/2011 4:43:23 AM - Software Distribution Service 3.0

RP1653: 10/21/2011 1:42:41 AM - Software Distribution Service 3.0

RP1654: 10/21/2011 3:00:43 AM - Software Distribution Service 3.0

RP1655: 10/21/2011 9:41:22 PM - Software Distribution Service 3.0

RP1656: 10/23/2011 1:26:56 AM - System Checkpoint

RP1657: 10/23/2011 3:00:52 AM - Software Distribution Service 3.0

RP1658: 10/23/2011 1:37:35 PM - Software Distribution Service 3.0

RP1659: 10/24/2011 3:04:19 PM - System Checkpoint

RP1660: 10/25/2011 2:05:43 AM - Software Distribution Service 3.0

RP1661: 10/25/2011 3:00:58 AM - Software Distribution Service 3.0

RP1662: 10/26/2011 9:54:21 AM - Software Distribution Service 3.0

RP1663: 10/27/2011 3:01:02 AM - Software Distribution Service 3.0

RP1664: 10/28/2011 9:54:47 AM - Software Distribution Service 3.0

RP1665: 10/28/2011 10:25:12 AM - Software Distribution Service 3.0

RP1666: 10/29/2011 3:00:59 AM - Software Distribution Service 3.0

RP1667: 10/30/2011 3:00:36 AM - Software Distribution Service 3.0

RP1668: 10/31/2011 3:01:07 AM - Software Distribution Service 3.0

RP1669: 11/1/2011 9:57:18 AM - Software Distribution Service 3.0

RP1670: 11/1/2011 4:43:47 PM - Software Distribution Service 3.0

RP1671: 11/2/2011 3:00:44 AM - Software Distribution Service 3.0

RP1672: 11/2/2011 10:17:01 AM - Software Distribution Service 3.0

RP1673: 11/2/2011 10:50:51 PM - Software Distribution Service 3.0

RP1674: 11/3/2011 11:23:48 PM - System Checkpoint

RP1675: 11/4/2011 3:00:47 AM - Software Distribution Service 3.0

RP1676: 11/4/2011 10:32:00 AM - Software Distribution Service 3.0

RP1677: 11/5/2011 6:10:30 AM - Software Distribution Service 3.0

RP1678: 11/6/2011 2:00:49 AM - Software Distribution Service 3.0

RP1679: 11/6/2011 3:00:53 AM - Software Distribution Service 3.0

RP1680: 11/6/2011 9:13:11 PM - Software Distribution Service 3.0

RP1681: 11/8/2011 12:56:11 AM - System Checkpoint

RP1682: 11/8/2011 2:21:21 AM - Software Distribution Service 3.0

RP1683: 11/8/2011 3:00:55 AM - Software Distribution Service 3.0

RP1684: 11/8/2011 11:16:38 PM - Software Distribution Service 3.0

RP1685: 11/9/2011 9:00:23 PM - Software Distribution Service 3.0

RP1686: 11/11/2011 10:20:26 AM - Software Distribution Service 3.0

RP1687: 11/12/2011 9:57:06 AM - Software Distribution Service 3.0

RP1688: 11/12/2011 10:56:39 AM - Software Distribution Service 3.0

RP1689: 11/13/2011 11:50:30 AM - System Checkpoint

RP1690: 11/14/2011 9:30:19 AM - Software Distribution Service 3.0

RP1691: 11/15/2011 2:16:37 AM - Software Distribution Service 3.0

RP1692: 11/15/2011 3:00:55 AM - Software Distribution Service 3.0

RP1693: 11/15/2011 9:31:04 PM - Software Distribution Service 3.0

RP1694: 11/18/2011 5:41:16 PM - Software Distribution Service 3.0

RP1695: 11/19/2011 9:59:48 AM - Software Distribution Service 3.0

RP1696: 11/20/2011 10:10:09 AM - Software Distribution Service 3.0

RP1697: 11/21/2011 6:37:24 AM - Software Distribution Service 3.0

RP1698: 11/21/2011 6:59:53 AM - Software Distribution Service 3.0

RP1699: 11/26/2011 1:16:54 PM - Software Distribution Service 3.0

RP1700: 11/27/2011 1:13:33 PM - Software Distribution Service 3.0

RP1701: 11/28/2011 7:45:07 AM - Software Distribution Service 3.0

RP1702: 11/29/2011 2:18:28 AM - Software Distribution Service 3.0

RP1703: 11/29/2011 3:00:38 AM - Software Distribution Service 3.0

RP1704: 11/29/2011 7:17:05 PM - Software Distribution Service 3.0

RP1705: 11/30/2011 8:42:27 PM - System Checkpoint

RP1706: 12/1/2011 8:41:26 AM - Software Distribution Service 3.0

RP1707: 12/2/2011 8:42:24 AM - Software Distribution Service 3.0

RP1708: 12/2/2011 8:53:05 AM - Software Distribution Service 3.0

RP1709: 12/3/2011 3:07:11 AM - Software Distribution Service 3.0

RP1710: 12/3/2011 6:39:56 AM - Software Distribution Service 3.0

RP1711: 12/3/2011 4:18:05 PM - Removed Windows Defender

RP1712: 12/3/2011 4:27:12 PM - Installed Windows Defender

RP1713: 12/4/2011 6:08:05 PM - Installed HiJackThis

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player 11 ActiveX

Adobe Photoshop Album 2.0 Starter Edition

Adobe Reader 9.1

Agere Systems PCI Soft Modem

AiO_Scan

AiOSoftware

America Online (Choose which version to remove)

AnswerWorks 4.0 Runtime - English

AOL Coach Version 1.0(Build:20030807.3)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoBase 3

ArcSoft PhotoStudio 5

AT&T Service & Support Tool

AviSynth 2.5

Bonjour

BroadJump Client Foundation

BufferChm

CameraDrivers

Canon CanoScan Toolbox 4.0

CanoScan LiDE20,30 Manual

CCleaner (remove only)

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Compatibility Pack for the 2007 Office system

Copy

CreativeProjects

CreativeProjectsTemplates

CueTour

Destinations

Director

DocProc

DocumentViewer

DVD Decrypter (Remove Only)

Easy Internet Sign-up

eFax Messenger

FastAccess® DSL Help Center 4.3

Fax

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 4.5.0.457

Help and Support Additions

High Definition Audio Driver Package - KB835221

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Deskjet Preloaded Printer Drivers

HP Diagnostic Assistant

HP Image Zone 4.2

HP Image Zone Plus 4.2

HP Organize

HP Photo & Imaging 3.5 - HP Devices

HP PSC & OfficeJet 4.0

HP Software Update

hpg2436

hpg3970

hpg4600

hpg5530

hpg8200

HPIZ402

HpSdpAppCoreApp

HPSystemDiagnostics

InstantShare

IntelliMover Data Transfer Demo

InterVideo WinDVD Creator 2

InterVideo WinDVD Player

iPod for Windows 2006-03-23

iPod Updater 2004-11-15

ItsDeductible Express

iTunes

Java 6 Update 16

KBD

LaserJet 1020 series

Learn2 Player (Uninstall Only)

Linksys EasyLink Advisor

Linksys Updater

LiveUpdate 2.6 (Symantec Corporation)

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft IntelliPoint 5.2

Microsoft IntelliType Pro 5.2

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Primary Interop Assemblies

Microsoft Office Standard Edition 2003

Microsoft Plus! Dancer LE

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Works 7.0

MobileMe Control Panel

Mozilla Firefox (3.6.10)

MSN

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB973686)

muvee autoProducer 3.5 magicMoments - HPD

Nike+ Connect

OmniPage SE

OrderReminder HP LaserJet 1020

PC-Doctor for Windows

PhotoGallery

Photosmart 320,370,7400,8100,8400 Series

PrintScreen

PSPrinters06

Pure Networks Platform

Python 2.2 combined Win32 extensions

Python 2.2.1

QFolder

QuickBooks

QuickBooks Pro 2010

Quicken 2004

QuickProjects

QuickTime

Readme

RealPlayer

S3 S3Display

S3 S3Gamma2

S3 S3Info2

S3 S3Overlay

Scan

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB948881)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

SkinsHP1

SkinsHP2

Sonic RecordNow!

Spybot - Search & Destroy

SpywareBlaster 4.5

SUPERAntiSpyware

Terminal Services Client

TrayApp

TurboTax Basic 2006

TurboTax Deluxe 2004

TurboTax Deluxe 2005

TurboTax Home & Business 2007

TurboTax ItsDeductible 2005

TurboTax ItsDeductible 2006

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB925720)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB933360)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Updates from HP

VIA Rhine-Family Fast Ethernet Adapter

VIA/S3G Display Driver

Videora iPod Converter 3.07

Viewpoint Manager (Remove Only)

WebEx Support Manager for Internet Explorer

WebFldrs XP

WebReg

WexTech AnswerWorks

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Presentation Foundation

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB883667

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

WinZip 11.1

XML Paper Specification Shared Components Pack 1.0

Yahoo! Photos Easy Upload Tool

Yahoo! Photos Print-at-Home Tool

.

==== Event Viewer Messages From Past Week ========

.

12/4/2011 9:55:01 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402

12/4/2011 9:55:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402

12/4/2011 8:55:00 AM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402

12/4/2011 8:55:00 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402

12/4/2011 7:55:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402

12/4/2011 7:55:00 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402

12/4/2011 6:55:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402

12/4/2011 6:55:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402

12/4/2011 6:48:48 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'redbook.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

12/4/2011 6:04:01 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'redbook.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

12/4/2011 5:55:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402

12/4/2011 5:55:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402

12/4/2011 4:55:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402

12/4/2011 4:55:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402

12/4/2011 4:55:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402

12/4/2011 3:55:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402

12/4/2011 3:55:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402

12/4/2011 3:55:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402

12/4/2011 2:55:01 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402

12/4/2011 2:55:01 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402

12/4/2011 2:55:00 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402

12/4/2011 2:55:00 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402

12/4/2011 12:55:01 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402

12/4/2011 12:55:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402

12/4/2011 12:55:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402

12/4/2011 11:55:01 AM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402

12/4/2011 11:55:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402

12/4/2011 10:55:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402

12/4/2011 10:55:00 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402

12/4/2011 1:55:03 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402

12/4/2011 1:55:02 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402

12/4/2011 1:55:00 PM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402

12/4/2011 1:55:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402

12/3/2011 9:55:02 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402

12/3/2011 9:55:01 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402

12/3/2011 8:55:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402

12/3/2011 8:55:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402

12/3/2011 6:41:45 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2584052).

12/3/2011 6:41:27 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2553072).

12/3/2011 6:40:32 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2003 (KB2539581).

12/3/2011 5:55:00 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402

12/3/2011 5:55:00 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402

12/3/2011 4:55:01 PM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402

12/3/2011 4:44:39 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

12/3/2011 4:38:45 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .

12/3/2011 4:38:45 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL. Reference error message: The operation completed successfully. .

12/3/2011 4:38:45 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

12/3/2011 4:37:59 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

12/3/2011 4:18:27 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

12/3/2011 3:55:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402

12/3/2011 2:54:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: fasttx2k SISAGP

12/3/2011 12:55:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402

12/3/2011 12:42:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/3/2011 12:39:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

12/3/2011 11:55:01 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402

12/3/2011 11:55:01 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402

12/3/2011 11:04:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

12/3/2011 10:55:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402

12/3/2011 10:55:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402

12/3/2011 10:47:28 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 ctxusbm Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

12/3/2011 10:47:28 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

12/3/2011 10:47:28 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/3/2011 10:47:28 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/3/2011 10:47:28 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.

12/3/2011 10:47:28 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/3/2011 10:47:28 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/3/2011 10:33:17 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

.

==== End Of File ===========================

Any help appreciated.


Hello Quartermass! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Step 1

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check. Check the Scan All Users too.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

In your next reply, please post the following log files:

  • TDSSKiller log
  • OTL log with Extras.txt


Hello Maniac! Thanks so much for the reply. I have done as you requested and uninstalled the Viewpoint program that was present. I also ran TDSSKiller (with "additional options" selected) as well as OTL (using the options you specified). I tried to attach all three logs at once but the forum said my post was "too long". Here is the TDSSKiller log:

TDSSKiller.Txt:

05:36:00.0750 2672 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

05:36:01.0140 2672 ============================================================

05:36:01.0140 2672 Current date / time: 2011/12/05 05:36:01.0140

05:36:01.0140 2672 SystemInfo:

05:36:01.0140 2672

05:36:01.0140 2672 OS Version: 5.1.2600 ServicePack: 2.0

05:36:01.0140 2672 Product type: Workstation

05:36:01.0140 2672 ComputerName: YOUR-AE066C3A9B

05:36:01.0140 2672 UserName: HP_Owner

05:36:01.0140 2672 Windows directory: C:\WINDOWS

05:36:01.0140 2672 System windows directory: C:\WINDOWS

05:36:01.0140 2672 Processor architecture: Intel x86

05:36:01.0140 2672 Number of processors: 1

05:36:01.0140 2672 Page size: 0x1000

05:36:01.0140 2672 Boot type: Normal boot

05:36:01.0140 2672 ============================================================

05:36:02.0703 2672 Initialize success

05:36:29.0859 3688 ============================================================

05:36:29.0859 3688 Scan started

05:36:29.0859 3688 Mode: Manual; SigCheck; TDLFS;

05:36:29.0859 3688 ============================================================

05:36:30.0703 3688 Abiosdsk - ok

05:36:30.0734 3688 abp480n5 - ok

05:36:30.0781 3688 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

05:36:32.0750 3688 ACPI - ok

05:36:32.0859 3688 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

05:36:33.0093 3688 ACPIEC - ok

05:36:33.0125 3688 adpu160m - ok

05:36:33.0203 3688 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

05:36:33.0796 3688 aec - ok

05:36:33.0843 3688 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

05:36:33.0937 3688 AFD - ok

05:36:34.0031 3688 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

05:36:34.0187 3688 AgereSoftModem - ok

05:36:34.0218 3688 Aha154x - ok

05:36:34.0250 3688 aic78u2 - ok

05:36:34.0265 3688 aic78xx - ok

05:36:34.0343 3688 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

05:36:34.0453 3688 ALCXSENS - ok

05:36:34.0687 3688 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

05:36:34.0906 3688 ALCXWDM - ok

05:36:34.0937 3688 AliIde - ok

05:36:34.0984 3688 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys

05:36:35.0203 3688 AmdK7 - ok

05:36:35.0234 3688 amsint - ok

05:36:35.0296 3688 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

05:36:35.0531 3688 Arp1394 - ok

05:36:35.0546 3688 asc - ok

05:36:35.0578 3688 asc3350p - ok

05:36:35.0609 3688 asc3550 - ok

05:36:35.0687 3688 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

05:36:35.0921 3688 AsyncMac - ok

05:36:35.0984 3688 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

05:36:36.0203 3688 atapi - ok

05:36:36.0218 3688 Atdisk - ok

05:36:36.0265 3688 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

05:36:36.0500 3688 Atmarpc - ok

05:36:36.0546 3688 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

05:36:36.0750 3688 audstub - ok

05:36:36.0828 3688 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

05:36:37.0078 3688 Beep - ok

05:36:37.0125 3688 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

05:36:37.0328 3688 cbidf2k - ok

05:36:37.0359 3688 cd20xrnt - ok

05:36:37.0390 3688 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

05:36:37.0578 3688 Cdaudio - ok

05:36:37.0625 3688 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

05:36:37.0875 3688 Cdfs - ok

05:36:37.0921 3688 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

05:36:38.0125 3688 Cdrom - ok

05:36:38.0156 3688 Changer - ok

05:36:38.0203 3688 CmdIde - ok

05:36:38.0250 3688 Cpqarray - ok

05:36:38.0328 3688 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys

05:36:38.0421 3688 ctxusbm - ok

05:36:38.0546 3688 dac2w2k - ok

05:36:38.0562 3688 dac960nt - ok

05:36:38.0625 3688 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

05:36:38.0937 3688 Disk - ok

05:36:39.0015 3688 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

05:36:39.0281 3688 dmboot - ok

05:36:39.0343 3688 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

05:36:39.0531 3688 dmio - ok

05:36:39.0578 3688 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

05:36:39.0781 3688 dmload - ok

05:36:39.0843 3688 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

05:36:40.0078 3688 DMusic - ok

05:36:40.0109 3688 dpti2o - ok

05:36:40.0187 3688 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

05:36:40.0437 3688 drmkaud - ok

05:36:40.0515 3688 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

05:36:40.0718 3688 Fastfat - ok

05:36:40.0750 3688 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

05:36:40.0812 3688 fasttx2k - ok

05:36:40.0875 3688 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

05:36:41.0109 3688 Fdc - ok

05:36:41.0171 3688 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

05:36:41.0218 3688 FETND5BV - ok

05:36:41.0265 3688 FETNDISB (b7186b33b6cf3a23841015531e6e7d68) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys

05:36:41.0328 3688 FETNDISB - ok

05:36:41.0375 3688 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

05:36:41.0625 3688 Fips - ok

05:36:41.0671 3688 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

05:36:41.0921 3688 Flpydisk - ok

05:36:41.0968 3688 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

05:36:42.0640 3688 FltMgr - ok

05:36:42.0703 3688 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

05:36:42.0890 3688 Fs_Rec - ok

05:36:42.0921 3688 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

05:36:43.0109 3688 Ftdisk - ok

05:36:43.0156 3688 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

05:36:43.0156 3688 GEARAspiWDM - ok

05:36:43.0187 3688 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

05:36:43.0390 3688 Gpc - ok

05:36:43.0468 3688 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

05:36:43.0656 3688 HidUsb - ok

05:36:43.0687 3688 hpn - ok

05:36:43.0750 3688 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

05:36:43.0796 3688 HTTP - ok

05:36:43.0890 3688 i2omgmt - ok

05:36:43.0921 3688 i2omp - ok

05:36:43.0984 3688 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

05:36:44.0187 3688 i8042prt - ok

05:36:44.0250 3688 ialm (53fdf10a5baf4f0a345bc5e941392186) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

05:36:44.0375 3688 ialm - ok

05:36:44.0437 3688 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

05:36:44.0640 3688 Imapi - ok

05:36:44.0703 3688 ini910u - ok

05:36:44.0765 3688 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

05:36:44.0968 3688 IntelIde - ok

05:36:45.0015 3688 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

05:36:45.0218 3688 intelppm - ok

05:36:45.0234 3688 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

05:36:45.0406 3688 Ip6Fw - ok

05:36:45.0453 3688 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

05:36:45.0625 3688 IpFilterDriver - ok

05:36:45.0687 3688 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

05:36:45.0890 3688 IpInIp - ok

05:36:45.0953 3688 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

05:36:46.0687 3688 IpNat - ok

05:36:46.0734 3688 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

05:36:46.0953 3688 IPSec - ok

05:36:46.0984 3688 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

05:36:47.0109 3688 IRENUM - ok

05:36:47.0171 3688 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

05:36:47.0359 3688 isapnp - ok

05:36:47.0421 3688 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

05:36:47.0437 3688 Iviaspi ( UnsignedFile.Multi.Generic ) - warning

05:36:47.0437 3688 Iviaspi - detected UnsignedFile.Multi.Generic (1)

05:36:47.0515 3688 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

05:36:47.0703 3688 Kbdclass - ok

05:36:47.0765 3688 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

05:36:47.0953 3688 kbdhid - ok

05:36:48.0015 3688 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

05:36:48.0796 3688 kmixer - ok

05:36:48.0859 3688 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

05:36:48.0906 3688 KSecDD - ok

05:36:48.0921 3688 lbrtfdc - ok

05:36:49.0015 3688 MCSTRM - ok

05:36:49.0078 3688 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

05:36:49.0265 3688 mnmdd - ok

05:36:49.0312 3688 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

05:36:49.0515 3688 Modem - ok

05:36:49.0546 3688 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

05:36:49.0750 3688 Mouclass - ok

05:36:49.0781 3688 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

05:36:50.0000 3688 mouhid - ok

05:36:50.0046 3688 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

05:36:50.0234 3688 MountMgr - ok

05:36:50.0265 3688 mraid35x - ok

05:36:50.0406 3688 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

05:36:50.0421 3688 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

05:36:50.0421 3688 MREMP50 - detected UnsignedFile.Multi.Generic (1)

05:36:50.0437 3688 MREMP50a64 - ok

05:36:50.0468 3688 MREMPR5 - ok

05:36:50.0484 3688 MRENDIS5 - ok

05:36:50.0515 3688 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

05:36:50.0546 3688 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

05:36:50.0546 3688 MRESP50 - detected UnsignedFile.Multi.Generic (1)

05:36:50.0562 3688 MRESP50a64 - ok

05:36:50.0703 3688 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

05:36:51.0515 3688 MRxDAV - ok

05:36:51.0578 3688 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

05:36:51.0703 3688 MRxSmb - ok

05:36:51.0734 3688 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

05:36:51.0921 3688 Msfs - ok

05:36:51.0984 3688 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

05:36:52.0187 3688 MSKSSRV - ok

05:36:52.0218 3688 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

05:36:52.0390 3688 MSPCLOCK - ok

05:36:52.0406 3688 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

05:36:52.0578 3688 MSPQM - ok

05:36:52.0625 3688 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

05:36:52.0812 3688 mssmbios - ok

05:36:52.0859 3688 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

05:36:53.0062 3688 Mup - ok

05:36:53.0109 3688 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

05:36:53.0328 3688 NDIS - ok

05:36:53.0390 3688 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

05:36:53.0562 3688 NdisTapi - ok

05:36:53.0593 3688 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

05:36:53.0765 3688 Ndisuio - ok

05:36:53.0812 3688 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

05:36:54.0031 3688 NdisWan - ok

05:36:54.0093 3688 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

05:36:54.0296 3688 NDProxy - ok

05:36:54.0343 3688 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

05:36:54.0546 3688 NetBIOS - ok

05:36:54.0593 3688 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

05:36:54.0765 3688 NetBT - ok

05:36:54.0828 3688 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

05:36:55.0015 3688 NIC1394 - ok

05:36:55.0062 3688 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

05:36:55.0234 3688 Npfs - ok

05:36:55.0328 3688 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

05:36:56.0156 3688 Ntfs - ok

05:36:56.0218 3688 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

05:36:56.0234 3688 NuidFltr - ok

05:36:56.0296 3688 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

05:36:56.0468 3688 Null - ok

05:36:56.0593 3688 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

05:36:56.0953 3688 nv - ok

05:36:56.0984 3688 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

05:36:57.0156 3688 NwlnkFlt - ok

05:36:57.0187 3688 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

05:36:57.0375 3688 NwlnkFwd - ok

05:36:57.0437 3688 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

05:36:57.0640 3688 ohci1394 - ok

05:36:57.0687 3688 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

05:36:57.0875 3688 Parport - ok

05:36:57.0921 3688 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

05:36:58.0093 3688 PartMgr - ok

05:36:58.0125 3688 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

05:36:58.0312 3688 ParVdm - ok

05:36:58.0343 3688 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

05:36:58.0546 3688 PCI - ok

05:36:58.0578 3688 PCIDump - ok

05:36:58.0625 3688 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

05:36:58.0796 3688 PCIIde - ok

05:36:58.0859 3688 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

05:36:59.0046 3688 Pcmcia - ok

05:36:59.0093 3688 PDCOMP - ok

05:36:59.0125 3688 PDFRAME - ok

05:36:59.0156 3688 PDRELI - ok

05:36:59.0187 3688 PDRFRAME - ok

05:36:59.0218 3688 perc2 - ok

05:36:59.0250 3688 perc2hib - ok

05:36:59.0343 3688 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

05:36:59.0343 3688 Pfc ( UnsignedFile.Multi.Generic ) - warning

05:36:59.0343 3688 Pfc - detected UnsignedFile.Multi.Generic (1)

05:36:59.0421 3688 pnarp (dea06627596015263360097c2608384e) C:\WINDOWS\system32\DRIVERS\pnarp.sys

05:36:59.0437 3688 pnarp - ok

05:36:59.0484 3688 Point32 (3b6973d60bde757c53bb76842d31318e) C:\WINDOWS\system32\DRIVERS\point32.sys

05:36:59.0546 3688 Point32 - ok

05:36:59.0593 3688 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

05:36:59.0796 3688 PptpMiniport - ok

05:36:59.0843 3688 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys

05:37:00.0031 3688 Processor - ok

05:37:00.0093 3688 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys

05:37:00.0140 3688 Ps2 - ok

05:37:00.0187 3688 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

05:37:00.0390 3688 PSched - ok

05:37:00.0453 3688 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

05:37:00.0656 3688 Ptilink - ok

05:37:00.0718 3688 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys

05:37:00.0718 3688 purendis - ok

05:37:00.0750 3688 PxHelp20 (d6ab98dcf05efe76431414efb49ed66a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

05:37:00.0765 3688 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

05:37:00.0765 3688 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

05:37:00.0828 3688 ql1080 - ok

05:37:00.0859 3688 Ql10wnt - ok

05:37:00.0890 3688 ql12160 - ok

05:37:00.0921 3688 ql1240 - ok

05:37:00.0937 3688 ql1280 - ok

05:37:01.0000 3688 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

05:37:01.0218 3688 RasAcd - ok

05:37:01.0265 3688 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

05:37:01.0468 3688 Rasl2tp - ok

05:37:01.0500 3688 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

05:37:01.0671 3688 RasPppoe - ok

05:37:01.0687 3688 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

05:37:01.0859 3688 Raspti - ok

05:37:01.0937 3688 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

05:37:02.0812 3688 Rdbss - ok

05:37:02.0984 3688 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

05:37:03.0171 3688 RDPCDD - ok

05:37:03.0281 3688 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

05:37:04.0140 3688 RDPWD - ok

05:37:04.0187 3688 redbook (6dbd81d5b12b7f5b5923e85097fda1f0) C:\WINDOWS\system32\DRIVERS\redbook.sys

05:37:04.0203 3688 redbook ( UnsignedFile.Multi.Generic ) - warning

05:37:04.0203 3688 redbook - detected UnsignedFile.Multi.Generic (1)

05:37:04.0265 3688 RimSerPort (b177927edfb8fb8da62ee1dfbcefde54) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

05:37:04.0296 3688 RimSerPort - ok

05:37:04.0328 3688 RimUsb - ok

05:37:04.0390 3688 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

05:37:04.0578 3688 ROOTMODEM - ok

05:37:04.0656 3688 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS

05:37:04.0687 3688 rtl8139 - ok

05:37:04.0796 3688 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

05:37:04.0812 3688 SASDIFSV - ok

05:37:04.0843 3688 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

05:37:04.0859 3688 SASKUTIL - ok

05:37:05.0000 3688 sbp2port (3e2c3b180872be4120f246d85560b734) C:\WINDOWS\system32\DRIVERS\sbp2port.sys

05:37:05.0203 3688 sbp2port - ok

05:37:05.0265 3688 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

05:37:06.0125 3688 Secdrv - ok

05:37:06.0171 3688 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

05:37:06.0359 3688 serenum - ok

05:37:06.0406 3688 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

05:37:06.0593 3688 Serial - ok

05:37:06.0656 3688 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

05:37:06.0828 3688 Sfloppy - ok

05:37:06.0859 3688 Simbad - ok

05:37:06.0921 3688 SiS315 (7467e510c81b19a6b590a3868f499b23) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

05:37:06.0968 3688 SiS315 - ok

05:37:07.0015 3688 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys

05:37:07.0046 3688 SISAGP - ok

05:37:07.0093 3688 SiSkp (14ed728e44b0e7a169217127d8510ca9) C:\WINDOWS\system32\DRIVERS\srvkp.sys

05:37:07.0125 3688 SiSkp - ok

05:37:07.0171 3688 Sparrow - ok

05:37:07.0234 3688 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

05:37:08.0078 3688 splitter - ok

05:37:08.0125 3688 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

05:37:08.0234 3688 sr - ok

05:37:08.0296 3688 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

05:37:08.0375 3688 Srv - ok

05:37:08.0453 3688 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

05:37:08.0609 3688 swenum - ok

05:37:08.0656 3688 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

05:37:08.0843 3688 swmidi - ok

05:37:08.0875 3688 symc810 - ok

05:37:08.0906 3688 symc8xx - ok

05:37:08.0937 3688 sym_hi - ok

05:37:08.0968 3688 sym_u3 - ok

05:37:09.0015 3688 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

05:37:09.0234 3688 sysaudio - ok

05:37:09.0328 3688 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

05:37:09.0437 3688 Tcpip - ok

05:37:09.0484 3688 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

05:37:09.0656 3688 TDPIPE - ok

05:37:09.0703 3688 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

05:37:09.0875 3688 TDTCP - ok

05:37:09.0937 3688 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

05:37:10.0109 3688 TermDD - ok

05:37:10.0140 3688 TosIde - ok

05:37:10.0203 3688 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

05:37:10.0390 3688 Udfs - ok

05:37:10.0421 3688 ultra - ok

05:37:10.0468 3688 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

05:37:10.0640 3688 Update - ok

05:37:10.0718 3688 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

05:37:10.0781 3688 USBAAPL - ok

05:37:10.0843 3688 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

05:37:11.0015 3688 usbccgp - ok

05:37:11.0062 3688 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

05:37:11.0250 3688 usbehci - ok

05:37:11.0281 3688 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

05:37:11.0468 3688 usbhub - ok

05:37:11.0515 3688 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys

05:37:11.0671 3688 usbohci - ok

05:37:11.0750 3688 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

05:37:11.0921 3688 usbprint - ok

05:37:11.0984 3688 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

05:37:12.0156 3688 usbscan - ok

05:37:12.0203 3688 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

05:37:12.0390 3688 USBSTOR - ok

05:37:12.0437 3688 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

05:37:12.0609 3688 usbuhci - ok

05:37:12.0640 3688 USB_RNDIS_XP (af090265ec388bab320f1ff7e7a7d5ea) C:\WINDOWS\system32\DRIVERS\usb8023.sys

05:37:12.0828 3688 USB_RNDIS_XP - ok

05:37:12.0890 3688 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

05:37:13.0062 3688 VgaSave - ok

05:37:13.0109 3688 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

05:37:13.0140 3688 viaagp1 - ok

05:37:13.0218 3688 viagfx (45489356501ec6cbb789dece991d393f) C:\WINDOWS\system32\DRIVERS\vtmini.sys

05:37:13.0281 3688 viagfx - ok

05:37:13.0406 3688 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys

05:37:13.0609 3688 ViaIde - ok

05:37:13.0640 3688 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

05:37:13.0843 3688 VolSnap - ok

05:37:13.0890 3688 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

05:37:14.0078 3688 Wanarp - ok

05:37:14.0140 3688 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

05:37:14.0187 3688 wanatw - ok

05:37:14.0265 3688 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

05:37:14.0312 3688 Wdf01000 - ok

05:37:14.0343 3688 WDICA - ok

05:37:14.0406 3688 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

05:37:15.0406 3688 wdmaud - ok

05:37:15.0546 3688 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

05:37:15.0609 3688 WudfPf - ok

05:37:15.0656 3688 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

05:37:15.0687 3688 WudfRd - ok

05:37:15.0750 3688 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0

05:37:15.0828 3688 \Device\Harddisk0\DR0 - ok

05:37:15.0843 3688 Boot (0x1200) (c494f6b2a516b8578d4602624af96154) \Device\Harddisk0\DR0\Partition0

05:37:15.0843 3688 \Device\Harddisk0\DR0\Partition0 - ok

05:37:15.0875 3688 Boot (0x1200) (6e92820a6394c51d1477b980c840d344) \Device\Harddisk0\DR0\Partition1

05:37:15.0875 3688 \Device\Harddisk0\DR0\Partition1 - ok

05:37:15.0890 3688 ============================================================

05:37:15.0890 3688 Scan finished

05:37:15.0890 3688 ============================================================

05:37:16.0046 0176 Detected object count: 6

05:37:16.0046 0176 Actual detected object count: 6

05:37:25.0468 0176 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user

05:37:25.0468 0176 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip

05:37:25.0484 0176 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

05:37:25.0484 0176 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

05:37:25.0484 0176 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

05:37:25.0484 0176 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

05:37:25.0484 0176 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user

05:37:25.0484 0176 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

05:37:25.0484 0176 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

05:37:25.0484 0176 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

05:37:25.0484 0176 redbook ( UnsignedFile.Multi.Generic ) - skipped by user

05:37:25.0484 0176 redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip

The OTL logs will be in the following post. Cheers.


Again... it got the "post too long" error. So... Maniac, here is the OTL log first:

OTL.Txt:

OTL logfile created on: 12/5/2011 5:47:23 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Owner\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 277.44 Mb Available Physical Memory | 28.92% Memory free

1.51 Gb Paging File | 0.89 Gb Available in Paging File | 58.80% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 180.50 Gb Total Space | 74.32 Gb Free Space | 41.17% Space Free | Partition Type: NTFS

Drive D: | 5.79 Gb Total Space | 0.75 Gb Free Space | 13.00% Space Free | Partition Type: FAT32

Computer Name: YOUR-AE066C3A9B | User Name: HP_Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)

PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)

PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

PRC - C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)

PRC - C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)

PRC - C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)

PRC - C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\system32\java.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)

PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()

PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)

PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)

PRC - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe ()

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\WINDOWS\system32\ping.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)

PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)

PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()

PRC - C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll ()

MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()

MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()

MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()

MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()

MOD - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()

MOD - C:\Program Files\Linksys\Linksys Updater\lib\wrapper.dll ()

MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll ()

MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll ()

MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll ()

MOD - C:\Program Files\Updates from HP\309731\Program\frext-309731.dll ()

MOD - C:\Program Files\Updates from HP\309731\Program\BWfiles-309731.dll ()

MOD - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe ()

MOD - C:\Program Files\Updates from HP\309731\Program\HPClientExt.dll ()

MOD - c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll ()

MOD - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()

MOD - C:\Program Files\BroadJump\Client Foundation\TimerManager.dll ()

MOD - C:\Program Files\BroadJump\Client Foundation\AppProperties.dll ()

MOD - C:\Program Files\BroadJump\Client Foundation\BJComBase.dll ()

MOD - C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll ()

MOD - C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll ()

MOD - C:\Program Files\BroadJump\Client Foundation\BJComRT.dll ()

MOD - C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll ()

MOD - C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll ()

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found

SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)

SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)

SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)

SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)

========== Driver Services (SafeList) ==========

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)

DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)

DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys ()

DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)

DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)

DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)

DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )

DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-476657039-317847302-2309200382-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop

IE - HKU\S-1-5-21-476657039-317847302-2309200382-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop

IE - HKU\S-1-5-21-476657039-317847302-2309200382-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-476657039-317847302-2309200382-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-476657039-317847302-2309200382-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-476657039-317847302-2309200382-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-476657039-317847302-2309200382-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-476657039-317847302-2309200382-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-476657039-317847302-2309200382-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-476657039-317847302-2309200382-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-476657039-317847302-2309200382-1009\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-476657039-317847302-2309200382-1009\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-476657039-317847302-2309200382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-476657039-317847302-2309200382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found

FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1879: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1939: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.872: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/04 02:02:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/08 12:52:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/08 11:29:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/04 05:04:51 | 000,000,000 | ---D | M]

[2010/10/18 08:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions

[2010/10/18 08:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/04/26 06:58:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8vmzxgh5.default\extensions

[2010/10/18 08:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8vmzxgh5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/18 08:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8vmzxgh5.default\extensions\staged-xpis

[2010/10/18 08:15:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/18 08:15:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/09/08 12:52:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/09/14 17:59:59 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2010/09/14 18:00:00 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll

[2010/10/12 17:15:48 | 000,013,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\cgpcfg.dll

[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

[2010/10/12 15:32:02 | 000,255,416 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxmui.dll

[2010/10/12 15:35:16 | 000,031,672 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\icafile.dll

[2010/10/12 15:34:52 | 000,040,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\icalogon.dll

[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

[2010/09/14 18:00:01 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2011/08/26 14:28:46 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2011/08/26 14:28:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2011/08/26 14:28:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2011/08/26 14:28:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2011/08/26 14:28:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2011/08/26 14:28:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2011/08/26 14:28:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2010/07/14 11:42:58 | 000,898,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll

[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

[2010/09/14 15:41:42 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2010/09/14 15:41:42 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2010/09/14 15:41:42 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2010/09/14 15:41:42 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2010/09/14 15:41:42 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2010/09/14 15:41:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2010/09/14 15:41:42 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2008/09/10 17:43:35 | 000,263,300 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 9132 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-476657039-317847302-2309200382-1009\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-476657039-317847302-2309200382-1009\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)

O3 - HKU\S-1-5-21-476657039-317847302-2309200382-1009\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-476657039-317847302-2309200382-1009\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-476657039-317847302-2309200382-1009\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-476657039-317847302-2309200382-1009\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)

O3 - HKU\S-1-5-21-476657039-317847302-2309200382-1009\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)

O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)

O4 - HKLM..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)

O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)

O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)

O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)

O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)

O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - HKU\S-1-5-21-476657039-317847302-2309200382-1009..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-476657039-317847302-2309200382-1009..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)

O4 - HKU\S-1-5-21-476657039-317847302-2309200382-1009..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-476657039-317847302-2309200382-1009..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-476657039-317847302-2309200382-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O15 - HKU\S-1-5-21-476657039-317847302-2309200382-1009\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)

O15 - HKU\S-1-5-21-476657039-317847302-2309200382-1009\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O15 - HKU\S-1-5-21-476657039-317847302-2309200382-1009\..Trusted Domains: intersourcing.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-476657039-317847302-2309200382-1009\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {380BBEC2-4CAE-4ECE-8AFF-36CDE7916386} https://learn.ultimatesoftware.com/URA/URA/lib/srdp.cab (Surgient URA Local Proxy Client (v2))

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)

O16 - DPF: {54CE37E0-9834-41AE-9896-4DAB69DC022B} https://learn.ultimatesoftware.com/URA/URA/lib/srdp.cab (Microsoft RDP Client Control (redist))

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C400804-A2D7-452B-8FB3-216E55CD9025}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)

O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/10/27 14:53:28 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-476657039-317847302-2309200382-1009\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/05 05:42:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent

[2011/12/05 05:41:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe

[2011/12/04 18:26:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

[2011/12/04 18:25:29 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\dds.scr

[2011/12/04 18:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\PingGoogle

[2011/12/04 18:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\HiJackThis

[2011/12/04 18:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis

[2011/12/04 16:05:40 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Owner\Desktop\TDSSKiller.exe

[2011/12/04 07:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\MicrosoftSecurityScanner

[2011/12/03 17:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/12/03 16:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender

[2011/12/03 13:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google

[2011/12/03 10:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/12/03 10:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2009/10/12 21:11:48 | 003,309,072 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup224.exe

[2008/09/22 16:59:25 | 002,189,864 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe

[2008/09/10 17:38:51 | 015,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\Spybot-search and destroy.exe

[2007/01/01 21:38:16 | 002,808,271 | ---- | C] (Wondershare Software ) -- C:\Program Files\DVD2iPod_210_sdne1230erw.exe

[2007/01/01 21:35:06 | 003,088,084 | ---- | C] (Wondershare Software ) -- C:\Program Files\Video2iPod_202_qwer1204rewq.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/05 05:52:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/05 05:41:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe

[2011/12/05 05:35:59 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/12/05 05:33:32 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2011/12/05 05:33:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/05 05:33:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/05 05:32:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/12/05 05:32:43 | 1006,161,920 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/04 19:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At40.job

[2011/12/04 19:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At39.job

[2011/12/04 19:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/04 19:10:56 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job

[2011/12/04 18:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At38.job

[2011/12/04 18:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At37.job

[2011/12/04 18:25:35 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\dds.scr

[2011/12/04 18:08:28 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to HiJackThis.lnk

[2011/12/04 18:08:06 | 000,002,012 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.lnk

[2011/12/04 17:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At36.job

[2011/12/04 17:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At35.job

[2011/12/04 16:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At34.job

[2011/12/04 16:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At33.job

[2011/12/04 15:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At32.job

[2011/12/04 15:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At31.job

[2011/12/04 14:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At30.job

[2011/12/04 14:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At29.job

[2011/12/04 13:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At28.job

[2011/12/04 13:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At27.job

[2011/12/04 12:55:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At26.job

[2011/12/04 12:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At25.job

[2011/12/04 11:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2011/12/04 11:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2011/12/04 10:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2011/12/04 10:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2011/12/04 09:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2011/12/04 09:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2011/12/04 08:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2011/12/04 08:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2011/12/04 07:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2011/12/04 07:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2011/12/04 06:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2011/12/04 06:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2011/12/04 05:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2011/12/04 05:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2011/12/04 04:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2011/12/04 04:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2011/12/04 03:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2011/12/04 03:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2011/12/04 02:55:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2011/12/04 02:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2011/12/04 01:55:03 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2011/12/04 01:55:02 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2011/12/04 00:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2011/12/04 00:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2011/12/03 23:55:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At48.job

[2011/12/03 23:55:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At47.job

[2011/12/03 22:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At46.job

[2011/12/03 22:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At45.job

[2011/12/03 21:55:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At44.job

[2011/12/03 21:55:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At43.job

[2011/12/03 20:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At42.job

[2011/12/03 20:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At41.job

[2011/12/03 16:28:39 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Windows Defender.lnk

[2011/12/03 12:50:44 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareBlaster.lnk

[2011/12/03 12:37:35 | 000,016,398 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\8e27ki5n85c306

[2011/12/03 12:37:35 | 000,016,398 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8e27ki5n85c306

[2011/12/03 11:04:11 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/03 10:41:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\N1Xak4.com.b

[2011/12/03 10:40:57 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\HY2P6PhM.dat

[2011/11/30 08:40:16 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Microsoft Office Outlook 2003.lnk

[2011/11/28 08:42:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/11/24 12:33:42 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Owner\Desktop\TDSSKiller.exe

[2011/11/14 10:54:41 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

[2011/11/07 14:05:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\0.908276056699278.exe

[2011/11/07 07:37:24 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/11/07 07:37:24 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/04 18:08:28 | 000,000,970 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to HiJackThis.lnk

[2011/12/04 18:08:06 | 000,002,012 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.lnk

[2011/12/03 20:21:46 | 1006,161,920 | -HS- | C] () -- C:\hiberfil.sys

[2011/12/03 16:30:22 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/12/03 16:28:39 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Windows Defender.lnk

[2011/12/03 16:27:15 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk

[2011/12/03 10:41:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\N1Xak4.com.b

[2011/12/03 10:38:11 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\HY2P6PhM.dat

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At48.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At46.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At44.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At42.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At40.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At38.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At36.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At34.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At32.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At30.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At28.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At26.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2011/12/03 10:38:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At47.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At45.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At43.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At41.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At39.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At37.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At35.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At33.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At31.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At29.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At27.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At25.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2011/12/03 10:38:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2011/12/03 10:24:04 | 000,016,398 | -HS- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\8e27ki5n85c306

[2011/12/03 10:24:04 | 000,016,398 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8e27ki5n85c306

[2011/11/07 14:05:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\0.908276056699278.exe

[2010/10/05 21:16:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/07/29 12:25:17 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini

[2010/07/12 17:34:04 | 000,282,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/09/26 17:07:41 | 000,042,092 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/05/30 14:05:16 | 000,000,578 | ---- | C] () -- C:\WINDOWS\intuprof.ini

[2009/05/30 14:05:16 | 000,000,092 | ---- | C] () -- C:\WINDOWS\qwimp.ini

[2009/05/30 13:38:03 | 000,001,019 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2008/09/03 09:06:35 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\mcs.rma

[2008/09/03 09:06:35 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\1247D7

[2008/01/30 20:52:04 | 010,466,656 | ---- | C] () -- C:\Program Files\winzip111.exe

[2008/01/23 21:22:42 | 004,097,455 | ---- | C] () -- C:\Program Files\youtube-convert_2.0.zip

[2007/03/22 12:03:40 | 000,001,282 | ---- | C] () -- C:\WINDOWS\unins000.dat

[2007/02/07 07:38:11 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe

[2007/02/07 07:38:11 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll

[2007/02/06 08:43:17 | 005,186,048 | ---- | C] () -- C:\Program Files\WindowsDefender.msi

[2006/09/29 18:42:26 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2005/12/08 08:33:31 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2005/02/24 08:24:43 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe

[2004/12/03 14:15:59 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll

[2004/12/03 14:13:14 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll

[2004/12/03 14:13:13 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll

[2004/12/02 19:08:42 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2004/11/14 17:23:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2004/11/14 15:58:25 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat

[2004/10/27 14:51:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2004/10/27 14:51:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2004/10/27 14:51:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2004/10/27 14:51:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2004/10/27 14:51:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2004/10/27 14:51:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2004/10/27 14:51:24 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat

[2004/09/17 16:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

[2004/08/16 16:09:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/16 16:09:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/16 16:08:56 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/16 16:08:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/16 16:08:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/16 16:08:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/16 16:08:17 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/16 16:07:43 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/08 10:16:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/08/07 16:39:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

[2004/08/07 16:39:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll

[2004/08/07 16:39:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll

[2004/08/07 16:34:39 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll

[2004/08/07 16:33:31 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe

[2004/08/07 16:28:27 | 000,026,939 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2004/08/07 16:27:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2004/08/07 16:17:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/08/07 15:50:45 | 000,094,339 | ---- | C] () -- C:\WINDOWS\HPHins03.dat

[2004/08/07 15:50:45 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat

[2004/08/07 15:42:52 | 000,104,115 | ---- | C] () -- C:\WINDOWS\hpoins04.dat

[2004/08/07 15:42:52 | 000,016,939 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat

[2004/08/07 15:33:07 | 000,089,028 | ---- | C] () -- C:\WINDOWS\hpdins01.dat

[2004/08/07 15:33:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat

[2004/08/07 15:24:38 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat

[2004/08/07 15:24:38 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat

[2004/08/07 15:17:16 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/07 15:02:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin

[2004/08/07 15:02:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin

[2004/08/07 15:02:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin

[2004/08/07 14:26:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2004/08/07 14:26:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2004/08/07 14:25:38 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2004/08/07 14:07:48 | 000,000,904 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/07 14:06:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/07 14:01:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/07 13:47:30 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2004/08/07 13:47:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/07 13:47:05 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/07 13:47:05 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/07 13:46:48 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2004/08/07 06:57:58 | 000,057,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys

[2004/08/07 06:55:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/07 06:54:52 | 000,206,512 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/06/29 07:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/06/15 01:00:00 | 000,077,321 | ---- | C] () -- C:\WINDOWS\unins000.exe

[2004/06/07 20:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat

[2003/05/15 23:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin

[2003/03/07 00:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll

[2003/01/23 12:30:00 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

[2003/01/23 12:30:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/07/29 07:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2010/07/29 12:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES

[2010/07/15 13:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output

[2011/07/29 07:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure

[2008/06/28 10:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys

[2010/12/09 15:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nike

[2010/07/29 12:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance

[2006/05/10 07:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2010/07/29 16:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11

[2005/12/08 08:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

[2005/12/08 08:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard

[2011/12/03 21:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/12/05 05:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2008/04/07 07:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/04/04 09:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2010/04/24 13:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/26 16:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/05/23 13:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2004/08/07 16:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView

[2011/12/04 00:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2011/12/04 04:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2011/12/04 05:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2011/12/04 05:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2011/12/04 06:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2011/12/04 06:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2011/12/04 07:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2011/12/04 07:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2011/12/04 08:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2011/12/04 08:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2011/12/04 09:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2011/12/04 00:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2011/12/04 09:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2011/12/04 10:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2011/12/04 10:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2011/12/04 11:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2011/12/04 11:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2011/12/04 12:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job

[2011/12/04 12:55:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job

[2011/12/04 13:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job

[2011/12/04 13:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job

[2011/12/04 14:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job

[2011/12/04 01:55:02 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2011/12/04 14:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job

[2011/12/04 15:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job

[2011/12/04 15:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job

[2011/12/04 16:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job

[2011/12/04 16:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job

[2011/12/04 17:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job

[2011/12/04 17:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job

[2011/12/04 18:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job

[2011/12/04 18:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job

[2011/12/04 19:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job

[2011/12/04 01:55:03 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2011/12/04 19:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job

[2011/12/03 20:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job

[2011/12/03 20:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job

[2011/12/03 21:55:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job

[2011/12/03 21:55:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job

[2011/12/03 22:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job

[2011/12/03 22:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job

[2011/12/03 23:55:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job

[2011/12/03 23:55:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job

[2011/12/04 02:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2011/12/04 02:55:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2011/12/04 03:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2011/12/04 03:55:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2011/12/04 04:55:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

[2011/12/05 05:35:59 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


And here is the Extras log:

Extras.Txt:

OTL Extras logfile created on: 12/5/2011 5:47:23 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Owner\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 277.44 Mb Available Physical Memory | 28.92% Memory free

1.51 Gb Paging File | 0.89 Gb Available in Paging File | 58.80% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 180.50 Gb Total Space | 74.32 Gb Free Space | 41.17% Space Free | Partition Type: NTFS

Drive D: | 5.79 Gb Total Space | 0.75 Gb Free Space | 13.00% Space Free | Partition Type: FAT32

Computer Name: YOUR-AE066C3A9B | User Name: HP_Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-476657039-317847302-2309200382-1009\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"ANTIVIRUSDISABLENOTIFY" = 0

"FIREWALLDISABLENOTIFY" = 0

"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- ()

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5

"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks

"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15

"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010

"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition

"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo

"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600

"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{184EB198-1DBA-46DB-B728-7A5FC13D5C2B}_is1" = Yahoo! Photos Print-at-Home Tool

"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)

"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE

"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan

"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows

"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23

"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970

"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers

"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects

"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005

"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2

"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express

"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime

"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy

"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06

"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics

"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)

"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload

"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004

"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2

"{5E1494D4-3562-4FFB-B35C-600F80F6934C}" = HP Image Zone Plus 4.2

"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE

"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2

"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)

"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes

"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D9768AE-DE42-4A04-A461-2361A58C384D}" = HPIZ402

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1

"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects

"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0

"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery

"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530

"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006

"{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD

"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc

"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual

"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates

"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2

"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare

"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater

"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize

"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour

"{D1CB9533-B129-40B7-9B11-BB444BF52403}" = Pure Networks Platform

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger

"{E492D880-0B07-4769-9E92-6C2B7DE37716}" = Linksys EasyLink Advisor

"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks

"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm

"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436

"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers

"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations

"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg

"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)

"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour

"Adobe AIR" = Adobe AIR

"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem

"America Online us" = America Online (Choose which version to remove)

"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)

"ATT-SST" = AT&T Service & Support Tool

"AviSynth" = AviSynth 2.5

"BackWeb-309731 Uninstaller" = Updates from HP

"BellsouthHelpCenter4.0b_is1" = FastAccess® DSL Help Center 4.3

"BroadJump Client Foundation" = BroadJump Client Foundation

"Canon CanoScan Toolbox 4.0" = Canon CanoScan Toolbox 4.0

"CCleaner" = CCleaner (remove only)

"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web

"DVD Decrypter" = DVD Decrypter (Remove Only)

"Help and Support Additions" = Help and Support Additions

"HP Photo & Imaging" = HP Image Zone 4.2

"HP-LaserJet 1020 series" = LaserJet 1020 series

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15

"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23

"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004

"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"InstallShield_{E492D880-0B07-4769-9E92-6C2B7DE37716}" = Linksys EasyLink Advisor

"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime

"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)

"MSNINST" = MSN

"Nike+ Connect" = Nike+ Connect

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020

"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions

"Python 2.2.1" = Python 2.2.1

"RealPlayer 6.0" = RealPlayer

"S3" = VIA/S3G Display Driver

"SpywareBlaster_is1" = SpywareBlaster 4.5

"StreetPlugin" = Learn2 Player (Uninstall Only)

"Terminal Server Client" = Terminal Services Client

"TurboTax Basic 2006" = TurboTax Basic 2006

"TurboTax Deluxe 2004" = TurboTax Deluxe 2004

"TurboTax Deluxe 2005" = TurboTax Deluxe 2005

"TurboTax Home & Business 2007" = TurboTax Home & Business 2007

"Videora iPod Converter" = Videora iPod Converter 3.07

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter

"VTDisplay" = S3 S3Display

"VTGamma2" = S3 S3Gamma2

"VTInfo2" = S3 S3Info2

"VTOverlay" = S3 S3Overlay

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"Yahoo! Photos Easy Upload Tool" = Yahoo! Photos Easy Upload Tool

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-476657039-317847302-2309200382-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 12/3/2011 6:03:24 PM | Computer Name = YOUR-AE066C3A9B | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,

P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,

P8 NIL, P9 NIL, P10 NIL.

Error - 12/3/2011 6:20:56 PM | Computer Name = YOUR-AE066C3A9B | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,

P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,

P8 NIL, P9 NIL, P10 NIL.

Error - 12/3/2011 6:24:13 PM | Computer Name = YOUR-AE066C3A9B | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,

P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,

P8 NIL, P9 NIL, P10 NIL.

Error - 12/3/2011 6:27:22 PM | Computer Name = YOUR-AE066C3A9B | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,

P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,

P8 NIL, P9 NIL, P10 NIL.

Error - 12/3/2011 6:27:24 PM | Computer Name = YOUR-AE066C3A9B | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,

P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,

P8 NIL, P9 NIL, P10 NIL.

Error - 12/3/2011 6:29:15 PM | Computer Name = YOUR-AE066C3A9B | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,

P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,

P8 NIL, P9 NIL, P10 NIL.

Error - 12/3/2011 6:31:05 PM | Computer Name = YOUR-AE066C3A9B | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,

P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,

P8 NIL, P9 NIL, P10 NIL.

Error - 12/3/2011 6:59:18 PM | Computer Name = YOUR-AE066C3A9B | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,

P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,

P8 NIL, P9 NIL, P10 NIL.

Error - 12/3/2011 10:10:34 PM | Computer Name = YOUR-AE066C3A9B | Source = Application Error | ID = 1000

Description = Faulting application ping.exe, version 5.1.2600.2180, faulting module

unknown, version 0.0.0.0, fault address 0x00000000.

Error - 12/4/2011 2:44:08 AM | Computer Name = YOUR-AE066C3A9B | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,

P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,

P8 NIL, P9 NIL, P10 NIL.

[ System Events ]

Error - 12/5/2011 6:33:39 AM | Computer Name = YOUR-AE066C3A9B | Source = SideBySide | ID = 16842784

Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last

Error was The referenced assembly is not installed on your system.

Error - 12/5/2011 6:33:39 AM | Computer Name = YOUR-AE066C3A9B | Source = SideBySide | ID = 16842811

Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference

error message: The referenced assembly is not installed on your system. .

Error - 12/5/2011 6:33:39 AM | Computer Name = YOUR-AE066C3A9B | Source = SideBySide | ID = 16842811

Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL.

Reference

error message: The operation completed successfully. .

Error - 12/5/2011 6:33:47 AM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/5/2011 6:35:30 AM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/5/2011 6:35:52 AM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/5/2011 6:38:37 AM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/5/2011 6:40:31 AM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/5/2011 6:40:47 AM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/5/2011 6:42:54 AM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

< End of report >

Thanks again, Maniac. I look forward to your analysis and response. Cheers!


Good! :)

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
[2011/12/03 12:37:35 | 000,016,398 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\8e27ki5n85c306
[2011/12/03 12:37:35 | 000,016,398 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8e27ki5n85c306
[2011/12/03 10:41:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\N1Xak4.com.b
[2011/12/03 10:40:57 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\HY2P6PhM.dat
[2011/11/07 14:05:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\0.908276056699278.exe
[2008/09/03 09:06:35 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\mcs.rma
[2008/09/03 09:06:35 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\1247D7
[2011/12/05 05:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

:files
C:\WINDOWS\tasks\*.job

:Commands
[emptytemp]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


Yes, it should reboot.

Okay, cool. I just wanted to be sure. Here is the log:

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\8e27ki5n85c306 moved successfully.

C:\Documents and Settings\All Users\Application Data\8e27ki5n85c306 moved successfully.

C:\WINDOWS\system32\N1Xak4.com.b moved successfully.

C:\Documents and Settings\All Users\Application Data\HY2P6PhM.dat moved successfully.

C:\Documents and Settings\HP_Owner\Desktop\0.908276056699278.exe moved successfully.

C:\Documents and Settings\HP_Owner\Application Data\mcs.rma moved successfully.

C:\Documents and Settings\HP_Owner\Application Data\1247D7 moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.

========== FILES ==========

C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully.

C:\WINDOWS\tasks\At1.job moved successfully.

C:\WINDOWS\tasks\At10.job moved successfully.

C:\WINDOWS\tasks\At11.job moved successfully.

C:\WINDOWS\tasks\At12.job moved successfully.

C:\WINDOWS\tasks\At13.job moved successfully.

C:\WINDOWS\tasks\At14.job moved successfully.

C:\WINDOWS\tasks\At15.job moved successfully.

C:\WINDOWS\tasks\At16.job moved successfully.

C:\WINDOWS\tasks\At17.job moved successfully.

C:\WINDOWS\tasks\At18.job moved successfully.

C:\WINDOWS\tasks\At19.job moved successfully.

C:\WINDOWS\tasks\At2.job moved successfully.

C:\WINDOWS\tasks\At20.job moved successfully.

C:\WINDOWS\tasks\At21.job moved successfully.

C:\WINDOWS\tasks\At22.job moved successfully.

C:\WINDOWS\tasks\At23.job moved successfully.

C:\WINDOWS\tasks\At24.job moved successfully.

C:\WINDOWS\tasks\At25.job moved successfully.

C:\WINDOWS\tasks\At26.job moved successfully.

C:\WINDOWS\tasks\At27.job moved successfully.

C:\WINDOWS\tasks\At28.job moved successfully.

C:\WINDOWS\tasks\At29.job moved successfully.

C:\WINDOWS\tasks\At3.job moved successfully.

C:\WINDOWS\tasks\At30.job moved successfully.

C:\WINDOWS\tasks\At31.job moved successfully.

C:\WINDOWS\tasks\At32.job moved successfully.

C:\WINDOWS\tasks\At33.job moved successfully.

C:\WINDOWS\tasks\At34.job moved successfully.

C:\WINDOWS\tasks\At35.job moved successfully.

C:\WINDOWS\tasks\At36.job moved successfully.

C:\WINDOWS\tasks\At37.job moved successfully.

C:\WINDOWS\tasks\At38.job moved successfully.

C:\WINDOWS\tasks\At39.job moved successfully.

C:\WINDOWS\tasks\At4.job moved successfully.

C:\WINDOWS\tasks\At40.job moved successfully.

C:\WINDOWS\tasks\At41.job moved successfully.

C:\WINDOWS\tasks\At42.job moved successfully.

C:\WINDOWS\tasks\At43.job moved successfully.

C:\WINDOWS\tasks\At44.job moved successfully.

C:\WINDOWS\tasks\At45.job moved successfully.

C:\WINDOWS\tasks\At46.job moved successfully.

C:\WINDOWS\tasks\At47.job moved successfully.

C:\WINDOWS\tasks\At48.job moved successfully.

C:\WINDOWS\tasks\At5.job moved successfully.

C:\WINDOWS\tasks\At6.job moved successfully.

C:\WINDOWS\tasks\At7.job moved successfully.

C:\WINDOWS\tasks\At8.job moved successfully.

C:\WINDOWS\tasks\At9.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.

C:\WINDOWS\tasks\MP Scheduled Scan.job moved successfully.

C:\WINDOWS\tasks\Symantec NetDetect.job moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: cm

User: Default User

->Temp folder emptied: 78690 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: HP_Owner

->Temp folder emptied: 1455005 bytes

->Temporary Internet Files folder emptied: 8545395 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 41408882 bytes

->Apple Safari cache emptied: 1206272 bytes

->Flash cache emptied: 1969675 bytes

User: LocalService

->Temp folder emptied: 65716 bytes

->Temporary Internet Files folder emptied: 13688114 bytes

User: NetworkService

->Temp folder emptied: 1542784 bytes

->Temporary Internet Files folder emptied: 321995738 bytes

->Java cache emptied: 2808 bytes

->Flash cache emptied: 18283 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 11265411 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 78514419 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 460.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 12052011_145103

Files\Folders moved on Reboot...

C:\Documents and Settings\HP_Owner\Local Settings\Temp\IadHide5.dll moved successfully.

Registry entries deleted on Reboot...

Thanks again for your continued help. Cheers!


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the "Update" tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


Hello, Maniac! The Malwarebytes scan is complete. Here is the log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8321

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.11

12/6/2011 6:48:00 AM

mbam-log-2011-12-06 (06-48-00).txt

Scan type: Quick scan

Objects scanned: 180526

Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\system32\6to4v32.dll (Trojan.Wimpixo) -> Delete on reboot.

c:\WINDOWS\system32\sqlcsw32.dll (Trojan.Dropper) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\6to4v32.dll (Trojan.Wimpixo) -> Delete on reboot.

c:\WINDOWS\system32\sqlcsw32.dll (Trojan.Dropper) -> Delete on reboot.

c:\WINDOWS\Temp\31204.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

I am running ESET now and will post the results when complete. Thanks again! Cheers!


Hi Maniac. The scan slowed to a crawl at about 25% complete. Ping.exe kept rising to the top of task manager consuming the CPU. In an effort to help I would end the Ping.exe process but it kept coming back every 3-4 minutes. I've noticed that when Ping.exe is running temporary internet files start appearing (seemingly from nowhere) in extremely rapid numbers... I felt a sense of panic and ended the operation. I have currently shut down the infected computer. Please advise as to how to continue in a safe manner. Thanks.


Hello, Maniac. Sorry for the delay in getting back to you (I was unable to access the infected computer for a couple of days). I downloaded and ran ComboFix just now. I disabled all firewalls/antivirus first and clicked "run". ComboFix detected a "difficult to remove" rootkit problem first and rebooted the machine very soon after the program started. The machine rebooted again at the end of the scan and here is the log:

ComboFix Log

ComboFix 11-12-09.02 - HP_Owner 12/09/2011 9:04.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.599 [GMT -5:00]

Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe

* Created a new restore point

.

.

.

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\HP_Owner\Application Data\.#

c:\documents and settings\HP_Owner\Application Data\.#\MBX@D34@A23F70.###

c:\documents and settings\HP_Owner\Application Data\.#\MBX@D34@A23FA0.###

c:\documents and settings\HP_Owner\g2mdlhlpx.exe

c:\documents and settings\HP_Owner\WINDOWS

c:\program files\DVD2iPod_210_sdne1230erw.exe

c:\program files\Video2iPod_202_qwer1204rewq.exe

c:\windows\$NtUninstallKB43108$\2126387733

c:\windows\$NtUninstallKB43108$\940740726\@

c:\windows\$NtUninstallKB43108$\940740726\bckfg.tmp

c:\windows\$NtUninstallKB43108$\940740726\cfg.ini

c:\windows\$NtUninstallKB43108$\940740726\Desktop.ini

c:\windows\$NtUninstallKB43108$\940740726\keywords

c:\windows\$NtUninstallKB43108$\940740726\kwrd.dll

c:\windows\$NtUninstallKB43108$\940740726\L\mlmlzhee

c:\windows\$NtUninstallKB43108$\940740726\lsflt7.ver

c:\windows\$NtUninstallKB43108$\940740726\U\00000001.@

c:\windows\$NtUninstallKB43108$\940740726\U\00000002.@

c:\windows\$NtUninstallKB43108$\940740726\U\00000004.@

c:\windows\$NtUninstallKB43108$\940740726\U\80000000.@

c:\windows\$NtUninstallKB43108$\940740726\U\80000004.@

c:\windows\$NtUninstallKB43108$\940740726\U\80000032.@

c:\windows\dasetup.log

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\sqlesw32.dll

D:\Autorun.inf

c:\windows\$NtUninstallKB43108$ . . . . Failed to delete

.

c:\windows\system32\drivers\redbook.sys . . . is infected!! . . . Failed to find a valid replacement.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_6TO4

-------\Service_6to4

.

.

.

.

.

2011-12-09 14:18 . 2011-12-09 14:18 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{F5B8CD4A-3114-4316-9511-6BE6864D5A1A}\offreg.dll

2011-12-06 12:50 . 2011-12-06 12:51 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-06 12:13 . 2011-12-06 12:13 -------- d-----w- c:\program files\ESET

2011-12-05 19:51 . 2011-12-05 19:51 -------- d-----w- C:\_OTL

2011-12-04 23:08 . 2011-12-04 23:08 388096 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-04 12:02 . 2011-12-04 12:08 -------- d-----w- c:\program files\MicrosoftSecurityScanner

2011-12-03 22:31 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{F5B8CD4A-3114-4316-9511-6BE6864D5A1A}\mpengine.dll

2011-12-03 22:26 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-12-03 21:27 . 2011-12-03 22:32 -------- d-----w- c:\program files\Windows Defender

.

.

.

.

.

2011-10-18 20:43 . 2011-08-26 11:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2009-10-13 02:12 . 2009-10-13 02:11 3309072 ----a-w- c:\program files\ccsetup224.exe

2008-09-22 21:59 . 2008-09-22 21:59 2189864 ----a-w- c:\program files\mbam-setup.exe

2008-09-10 22:38 . 2008-09-10 22:38 15083520 ----a-w- c:\program files\Spybot-search and destroy.exe

2008-04-07 11:43 . 2008-01-31 01:52 10466656 ----a-w- c:\program files\winzip111.exe

2007-02-06 13:43 . 2007-02-06 13:43 5186048 ----a-w- c:\program files\WindowsDefender.msi

2010-10-12 20:33 . 2010-10-12 20:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2010-10-12 22:15 . 2010-10-12 22:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2010-10-12 20:37 . 2010-10-12 20:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2010-10-12 20:35 . 2010-10-12 20:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2010-10-12 20:34 . 2010-10-12 20:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2010-10-12 20:32 . 2010-10-12 20:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2010-10-12 20:35 . 2010-10-12 20:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2010-10-12 20:34 . 2010-10-12 20:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2010-07-14 16:42 . 2010-07-14 16:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2010-10-12 20:37 . 2010-10-12 20:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

.

.

.

.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]

"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]

"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 180269]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]

"VTTimer"="VTTimer.exe" [2004-10-22 53248]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]

"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-21 49152]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]

"HelpCenter4.1"="c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe" [2007-04-13 198184]

"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-06-13 139264]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-08 149280]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]

"Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2010-10-01 299008]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

.

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\

eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-4-5 1149440]

Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2004-1-28 57344]

Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-7 16423]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-12-3 394856]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [7/14/2010 11:51 AM 65584]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 9:28 AM 204800]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 9:47 PM 135664]

S2 SqlCSS;SQL Server EXPRESS;c:\windows\System32\svchost.exe -k Sqlses [8/7/2004 1:47 PM 14336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 9:47 PM 135664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Sqlses REG_MULTI_SZ SqlCSS

.

.

.

2011-12-09 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

.

.

------- -------

.

uStart Page = about:blank

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: $talisma_url$

Trusted Zone: intersourcing.com

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.1.254

DPF: {380BBEC2-4CAE-4ECE-8AFF-36CDE7916386} - hxxps://learn.ultimatesoftware.com/URA/URA/lib/srdp.cab

FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8vmzxgh5.default\

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

- - - - - - - -

.

Notify-sqlesw32 - sqlesw32.dll

Notify-Sqlseses - sqlesw32.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-09 09:19

Windows 5.1.2600 Service Pack 2 NTFS

.

.

.

.

.

: 0

.

**************************************************************************

.

--------------------- ---------------------

.

- - - - - - - > 'winlogon.exe'(652)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(1360)

c:\windows\system32\WININET.dll

c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll

c:\program files\ScanSoft\OmniPageSE\ophook32.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ ------------------------

.

c:\progra~1\COMMON~1\AOL\ACS\acsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\java.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\windows\wanmpsvc.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\VTTimer.exe

c:\windows\AGRSMMSG.exe

c:\windows\ALCXMNTR.EXE

c:\program files\Citrix\ICA Client\wfcrun32.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

: 2011-12-09 09:26:50 -

ComboFix-quarantined-files.txt 2011-12-09 14:26

.

Pre-Run: 84,264,787,968 bytes free

: 84,182,867,968 bytes free

.

- - End Of File - - 23AA30F94FB2B39FE2845DDF9F47894E

I have re-enabled antivirus and firewall. I then connected to the internet without issue and searched Google for several minutes. The "re-directing" issue appears (at least for now) to be solved. I kept an eye on the task manager and did not see an instance of ping.exe occurring. The CPU stayed nice and calm. Everything looks good at this point...but...obviously I want to be sure. Please advise on my next step(s). Thanks again for your help, Maniac. Cheers!


The redirect problem is the following:

c:\windows\system32\drivers\redbook.sys . . . is infected!! . . . Failed to find a valid replacement.

Redbook.sys has been modified by malware, and now we should find a clean copy to replace it and everything will be fine.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    redbook.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Hi Maniac. Here is the System Look log:

System Look

SystemLook 30.07.11 by jpshortstuff

Log created at 10:58 on 11/12/2011 by HP_Owner

Administrator - Elevation successful

========== filefind ==========

Searching for "redbook.sys"

C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\redbook.sys --a---- 57600 bytes [12:21 20/08/2008] [18:40 13/04/2008] F828DD7E1419B6653894A8F97A0094C5

C:\WINDOWS\system32\drivers\redbook.sys --a---- 57472 bytes [11:57 07/08/2004] [05:59 04/08/2004] 6DBD81D5B12B7F5B5923E85097FDA1F0

-= EOF =-

Let me know when you can. Thanks again. Cheers!
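The comparison this SystemLook log supports, as an added example that is not part of the original posts: it parses the filefind result lines, lists the copies whose MD5 differs from the driver in system32\drivers, and checks a file on disk against a logged size and MD5 before it is used as a replacement. The function names are hypothetical, and a matching MD5 only shows that a file is identical to the logged copy, not that the logged copy is clean.

```python
import hashlib
import os
import re
from dataclasses import dataclass

# The filefind section of the SystemLook log posted above, copied verbatim.
SYSTEMLOOK_LOG = r"""
========== filefind ==========

Searching for "redbook.sys"

C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\redbook.sys --a---- 57600 bytes [12:21 20/08/2008] [18:40 13/04/2008] F828DD7E1419B6653894A8F97A0094C5

C:\WINDOWS\system32\drivers\redbook.sys --a---- 57472 bytes [11:57 07/08/2004] [05:59 04/08/2004] 6DBD81D5B12B7F5B5923E85097FDA1F0

-= EOF =-
"""

# Path, attribute flags, size, two bracketed timestamps (kept as raw text
# because the log does not label them), then the MD5 of the file.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-zA-Z]+)\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FoundFile:
    path: str
    size: int
    stamp1: str
    stamp2: str
    md5: str


def parse_filefind(log_text):
    """Return one FoundFile per result line; headers and blank lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(FoundFile(m["path"], int(m["size"]), m["stamp1"],
                                   m["stamp2"], m["md5"].upper()))
    return found


def copies_differing_from(found, live_path):
    """Other copies whose MD5 differs from the file at live_path, with size delta."""
    live = next((f for f in found if f.path.lower() == live_path.lower()), None)
    if live is None:
        raise ValueError(f"{live_path} is not in the log")
    return [(f, f.size - live.size) for f in found
            if f is not live and f.md5 != live.md5]


def md5_of_file(path, chunk_size=65536):
    """MD5 of a file on disk, in the upper-case hex form SystemLook prints."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def matches_logged_copy(path, logged):
    """True only if the file at path has the size and MD5 recorded in the log."""
    return os.path.getsize(path) == logged.size and md5_of_file(path) == logged.md5


if __name__ == "__main__":
    files = parse_filefind(SYSTEMLOOK_LOG)
    live = r"C:\WINDOWS\system32\drivers\redbook.sys"
    for other, delta in copies_differing_from(files, live):
        print(f"{other.path}\n  md5 {other.md5}, {delta:+d} bytes vs. the driver in use")
```
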


Please copy this file from there:

C:\WINDOWS\system32\dllcache\redbook.sys

Transfer it to the C:\ drive on your system. Next:

Open Notepad and copy and paste the text in the code box below into it:

FCopy::
C:\redbook.sys | C:\WINDOWS\system32\drivers\redbook.sys

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how things are there.


Please copy this file from there:

C:\WINDOWS\system32\dllcache\redbook.sys

Transfer it to the C:\ drive on your system. Next:

Hi Maniac. I am a bit unclear on these instructions. Do I copy the redbook.sys file (from the good computer) to a USB flash drive and then drop it into the System32 "drivers folder" on the C drive of the infected computer? Thanks.


This topic is now closed to further replies.