Jump to content

Rootkit.Agent asc3550p

Martymarty
 Share

Recommended Posts

Martymarty

Martymarty

Posted
Posted

A few weeks ago I got the Internet Security 2010 virus-malware. I used MBAM which found 10 infections and cleared them. However, every couple of days, one of them recurs---

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\asc3550p (Rootkit.Agent)

I then run MBAM again which removes it again, but a couple of days later, it recurs and I go through the process again. My internet provider each time alerts me, and shuts off my internet in the meantime.

Previously, after running MBAM I also ran pctools scanner and eset which showed now other problems.

Because it has occurred 8 times since initial removal, my internet provider has shut down my internet access and now won't immediately restore it. I'd like to be able to tell them how I plan to cure it, so that they'll give my access back and so that I can take care of it. Any suggestions and help would be appreciated since I can't get my internet back until then.

I've seen another post here on Combofix and was wondering if that's the solution or if I should try it and anything else to gret rid of it once and for all.

Also, am I safe in backing up documents, photos etc. onto a hard drive in the meantime, without risking downloading the malware?

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

Hello Martymarty

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.exe

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    nvstor32.sys

    ahcix86s.sys

    nvrd32.sys

    symmpi.sys

    adp3132.sys

    mv61xx.sys

    /md5stop

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /lockedfiles

    %systemroot%\System32\config\*.sav


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED


  • Sections

  • IAT/EAT

  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)

  • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.

Link to post
Share on other sites
Martymarty

Martymarty

Posted
  • Author
Posted

Here's the OTL--will post the GMER shortly

OTL logfile created on: 3/10/2010 1:38:23 PM - Run 1

OTL by OldTimer - Version 3.1.36.0 Folder = C:\Documents and Settings\Marty\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 164.00 Mb Available Physical Memory | 17.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 47.80 Gb Total Space | 1.41 Gb Free Space | 2.96% Space Free | Partition Type: NTFS

Drive D: | 8.07 Gb Total Space | 0.91 Gb Free Space | 11.26% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC210001757521

Current User Name: Marty

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Marty\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)

PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)

PRC - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)

PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)

PRC - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Marty\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\temp\logishrd\LVPrcInj01.dll (Logitech Inc.)

========== Win32 Services (SafeList) ==========

SRV - (Norton AntiVirus) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100310.002\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100310.002\NAVENG.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSXpx86.sys (Symantec Corporation)

DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS (Symantec Corporation)

DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS (Symantec Corporation)

DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS (Symantec Corporation)

DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS (Symantec Corporation)

DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)

DRV - (LVUVC) QuickCam Pro for Notebooks(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)

DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)

DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http:mail.yahoo.com"

FF - prefs.js..extensions.enabledItems: googletalk@adarsh.tp:1.0

FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/11/29 20:10:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/22 06:25:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/22 06:25:19 | 000,000,000 | ---D | M]

[2008/09/03 17:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Mozilla\Extensions

[2008/09/03 17:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marty\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/03/09 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Mozilla\Firefox\Profiles\t2k8x1eh.default\extensions

[2009/01/18 15:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Mozilla\Firefox\Profiles\t2k8x1eh.default\extensions\googletalk@adarsh.tp

[2010/03/10 12:34:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/02/22 06:25:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/02/22 06:24:52 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/02/22 06:24:53 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/08/07 12:35:32 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

[2009/12/31 10:34:29 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll

[2010/02/22 06:25:09 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/05/10 21:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2007/10/28 09:48:21 | 000,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2008/07/05 17:16:06 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2007/10/28 09:48:30 | 000,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2007/10/28 09:48:15 | 000,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2009/09/04 12:47:58 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/09/04 12:47:58 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/09/04 12:47:58 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/09/04 12:47:58 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/09/04 12:47:58 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/09/04 12:47:58 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/09/04 12:47:58 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKLM..\RunOnce: [symLnch] C:\Documents and Settings\Marty\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070826\Support\SymLnch\SymLnch.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.93.87.2 215.234.41.2

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{3e828441-3782-11dd-9a79-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{3e828441-3782-11dd-9a79-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{3e828441-3782-11dd-9a79-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 11:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{4710ccf3-8125-11de-9c50-001b24d2e5a0}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe -- File not found

O33 - MountPoints2\{4710ccf3-8125-11de-9c50-001b24d2e5a0}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/06/10 22:41:45 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (29558265578782720)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/08 20:46:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/03/01 06:58:30 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll

[2010/02/28 15:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/02/28 15:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/02/28 14:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/02/28 13:29:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us

[2010/02/28 13:29:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting

[2010/02/28 13:29:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2010/02/28 13:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en

[2010/02/28 13:29:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2010/02/28 13:14:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2010/02/20 22:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2008/07/31 09:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2007/04/14 07:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot

[2006/07/26 09:22:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2006/07/26 09:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2006/07/26 09:22:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2006/07/26 09:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2005/09/24 07:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

[236 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[12 C:\Documents and Settings\Marty\My Documents\*.tmp files -> C:\Documents and Settings\Marty\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/10 13:17:18 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-412373964-2120146892-2171935858-1006UA.job

[2010/03/10 12:36:07 | 000,000,313 | ---- | M] () -- C:\hpqp.ini

[2010/03/10 12:35:40 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini

[2010/03/10 12:35:27 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/03/10 12:34:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/03/10 12:34:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/03/10 12:34:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/03/10 12:34:17 | 1005,170,688 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/09 19:57:45 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Marty\NTUSER.DAT

[2010/03/09 19:57:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Marty\ntuser.ini

[2010/03/08 23:24:34 | 000,097,280 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\screenprintSpybot3-7-10.doc

[2010/03/08 23:21:48 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\Microsoft Office Word 2003.lnk

[2010/03/08 17:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/03/07 21:58:01 | 000,004,055 | ---- | M] () -- C:\WINDOWS\WININIT.INI

[2010/03/07 08:17:03 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-412373964-2120146892-2171935858-1006Core.job

[2010/03/05 19:24:19 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\danieldrawing3-5-10.doc

[2010/03/04 10:27:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/03/02 20:16:29 | 000,383,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/03/02 20:16:28 | 000,054,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/03/02 20:16:23 | 000,443,380 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/03/01 23:00:33 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/03/01 22:40:56 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\TREclipse2010Rev.doc

[2010/03/01 20:38:47 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\Dear Daniel and Benjamin.doc

[2010/02/28 19:27:55 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\daniel DT oral 1 minute presentation.doc

[2010/02/28 15:16:12 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\Spybot - Search & Destroy.lnk

[2010/02/28 14:45:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010/02/28 14:43:23 | 000,255,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/02/28 14:14:02 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/28 13:17:53 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/02/28 09:29:31 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\recipe - hamentaschen.doc

[2010/02/27 08:26:20 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marty\My Documents\~$niel DT oral 1 minute presentation.doc

[2010/02/26 16:51:11 | 001,040,384 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\daniel DT pictures.doc

[2010/02/26 16:13:10 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marty\My Documents\~$nielDavid ThompsonNotes.doc

[2010/02/24 20:30:03 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\daniel DT final draft 2-17.doc

[2010/02/22 06:51:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\benjamin bus pass.doc

[2010/02/21 13:38:01 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\Windows Media Player.lnk

[2010/02/20 22:22:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\housecall.guid.cache

[2010/02/11 20:00:18 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\DT tri fold board.doc

[2010/02/11 14:27:41 | 000,541,696 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\danielDavid ThompsonNotes.doc

[2010/02/09 23:23:13 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\spelling 2-9-10.doc

[2010/02/09 23:22:55 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\florida list.doc

[2010/02/08 23:13:07 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\Spelling words.doc

[2010/02/08 19:10:15 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\Daniel - DT second draft 2-8-10.doc

[2010/02/08 16:30:29 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\Daniel's David Thompson rough draft 2-6-10.doc

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[236 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[12 C:\Documents and Settings\Marty\My Documents\*.tmp files -> C:\Documents and Settings\Marty\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/08 23:24:34 | 000,097,280 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\screenprintSpybot3-7-10.doc

[2010/03/05 19:24:18 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\danieldrawing3-5-10.doc

[2010/03/01 21:54:32 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\TREclipse2010Rev.doc

[2010/03/01 20:38:47 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\Dear Daniel and Benjamin.doc

[2010/02/28 15:16:12 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Marty\Desktop\Spybot - Search & Destroy.lnk

[2010/02/28 09:29:31 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\recipe - hamentaschen.doc

[2010/02/27 08:26:20 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Marty\My Documents\~$niel DT oral 1 minute presentation.doc

[2010/02/26 16:13:10 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Marty\My Documents\~$nielDavid ThompsonNotes.doc

[2010/02/24 20:29:48 | 001,040,384 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\daniel DT pictures.doc

[2010/02/21 13:38:01 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Marty\Desktop\Windows Media Player.lnk

[2010/02/21 13:08:30 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\daniel DT oral 1 minute presentation.doc

[2010/02/21 08:05:16 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\daniel DT final draft 2-17.doc

[2010/02/20 22:22:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\housecall.guid.cache

[2010/02/11 14:18:39 | 000,541,696 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\danielDavid ThompsonNotes.doc

[2010/02/11 13:33:10 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\DT tri fold board.doc

[2010/02/09 23:23:12 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\spelling 2-9-10.doc

[2010/02/08 23:13:07 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\Spelling words.doc

[2010/02/08 16:39:08 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\Daniel - DT second draft 2-8-10.doc

[2009/01/18 22:22:12 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2008/11/27 21:36:54 | 000,075,329 | ---- | C] () -- C:\Program Files\install_progress_error.log

[2008/11/27 21:36:47 | 000,005,545 | ---- | C] () -- C:\Program Files\install_progress.log

[2008/11/27 21:36:29 | 000,010,726 | ---- | C] () -- C:\Program Files\dir_make.log

[2008/09/02 20:35:27 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\wklnhst.dat

[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2008/07/05 17:08:32 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2008/06/11 22:18:11 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2008/06/10 23:02:41 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/10 22:55:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\fusioncache.dat

[2008/06/10 22:55:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\DSwitch.txt

[2008/06/10 22:55:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\AtStart.txt

[2008/06/10 22:55:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\QSwitch.txt

[2007/11/03 11:52:23 | 000,000,278 | ---- | C] () -- C:\WINDOWS\WMW6.INI

[2007/06/30 05:18:33 | 000,001,202 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007/03/04 08:04:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI

[2006/07/26 10:03:37 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006/07/26 09:58:17 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini

[2006/07/26 09:45:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/07/26 09:39:49 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006/05/10 06:23:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/05/10 05:48:18 | 000,002,916 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2006/05/10 05:46:02 | 000,004,055 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2006/05/10 05:42:38 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006/04/26 11:48:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/04/26 11:48:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/04/26 11:48:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/04/26 11:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/04/26 11:48:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2005/12/02 10:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/09/16 12:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

[2004/08/04 13:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003187_.tmp.dll

[2004/08/04 13:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003155_.tmp.dll

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/02/04 21:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft

[2008/10/11 08:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings

[2007/04/11 13:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PokerAcademyPro2

[2007/11/29 20:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

[2010/02/28 15:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007/04/14 07:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2009/02/27 17:41:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

[2009/10/13 16:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Costco Photo Viewer US

[2008/11/17 21:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Image Zone Express

[2008/10/21 05:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Leadertech

[2008/07/05 17:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Panasonic

[2008/09/02 20:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Template

[2010/03/08 17:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2010/02/06 18:49:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2010/02/06 18:49:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2010/02/06 18:49:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:AGP440.sys

[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys

[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/04 06:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >

[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2010/02/06 18:49:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2010/02/06 18:49:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2010/02/06 18:49:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:atapi.sys

[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys

[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll

[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >

[2005/10/13 01:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SWSetup\HDD\iastor.sys

[2005/10/13 01:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >

[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll

[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll

< MD5 for: NVATA.SYS >

[2006/01/26 16:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chipset\IDE\Win2K\sata_ide\nvata.sys

[2006/01/26 16:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chipset\IDE\WinXP\sata_ide\nvata.sys

[2006/01/26 16:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chipset\nvata.sys

[2006/01/26 16:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >

[2006/01/26 16:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chipset\IDE\Win2K\sataraid\nvatabus.sys

[2006/01/26 16:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chipset\IDE\WinXP\sataraid\nvatabus.sys

[2006/01/26 16:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chipset\nvatabus.sys

< MD5 for: SCECLI.DLL >

[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[236 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2006/05/09 22:15:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2006/05/09 22:15:04 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB

@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C05A8628

< End of report >

OTL Extras logfile created on: 3/10/2010 1:38:23 PM - Run 1

OTL by OldTimer - Version 3.1.36.0 Folder = C:\Documents and Settings\Marty\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 164.00 Mb Available Physical Memory | 17.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 47.80 Gb Total Space | 1.41 Gb Free Space | 2.96% Space Free | Partition Type: NTFS

Drive D: | 8.07 Gb Total Space | 0.91 Gb Free Space | 11.26% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC210001757521

Current User Name: Marty

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found

"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)

"C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)

"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module

"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup

"{13BCF6CB-2F54-4962-9B11-32F07048ACF3}" = HP User Guides 0031

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2

"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006

"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A1

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder

"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam

"{3EB3B7E8-1466-405A-B5BC-44513AF85E34}_is1" = UltimateBet

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.3

"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant

"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config

"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite

"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1

"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update

"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1

"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player

"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-

"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour

"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help

"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio

"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module

"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3

"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Update

"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig

"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices

"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)

"0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)

"103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)

"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)

"320F055A-570F-4335-B026-16A836DB9549" = Final Drive Nitro from Hewlett-Packard Laptops (remove only)

"382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)

"384E0BF4-1E1F-45A6-B60E-42144A3F15CD" = Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)

"4C061F83-EE92-445A-A03F-184B0BD59242" = Jewel Quest from Hewlett-Packard Laptops (remove only)

"5658FB14-16A4-4DAE-946B-1457BE31572E" = Boggle Supreme from Hewlett-Packard Laptops (remove only)

"5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)

"5DE4D54F-AA79-43A4-9C8A-C173E7E2B025" = 5 Card Slingo from Hewlett-Packard Laptops (remove only)

"6E377D95-DF37-4E67-B64B-68C314600BCB" = Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)

"6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89" = FATE from Hewlett-Packard Laptops (remove only)

"7948472C-423F-4134-B68F-48D660A05D71" = Big Kahuna Reef from Hewlett-Packard Laptops (remove only)

"7A940E33-6993-404B-ABA6-ED62E8FBE615" = Bounce Symphony from Hewlett-Packard Laptops (remove only)

"7ED8A70C-9597-40BE-AEA0-0573182F1F51" = Super Granny from Hewlett-Packard Laptops (remove only)

"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54" = Polar Bowler from Hewlett-Packard Laptops (remove only)

"9E140F48C9836B9B78539C08FB2B17146BDB3F65" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)

"9F3399B2-9ED6-4339-84A2-686432638B86" = Blasterball 2 from Hewlett-Packard Laptops (remove only)

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AI RoboForm" = AI RoboForm (All Users)

"B0202B33-E73D-4FCD-AC88-0B2971AFC116" = Slyder from Hewlett-Packard Laptops (remove only)

"B0769D17-E72A-4E87-A83F-1F7A3F080008" = Bookworm Deluxe from Hewlett-Packard Laptops (remove only)

"BFGC" = Big Fish Games Client

"BFG-Mystery Case Files - Madame Fate" = Mystery Case Files: Madame Fate

"Bodog Poker_is1" = Bodog Poker Version 2.16.3.49

"C264D692-8E15-4141-96A2-5621332E5DD0" = Slingo Deluxe from Hewlett-Packard Laptops (remove only)

"CNXT_HDAUDIO" = Conexant HD Audio

"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP

"D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)

"DED8E2B5-BA9F-448F-84E8-0AEF79876F95" = Snowboard SuperJam

"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)

"E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)

"E90E3AE9-73E4-4E5C-BB0F-673989A808D0" = Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)

"E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2" = Crystal Maze from Hewlett-Packard Laptops (remove only)

"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)

"ESET Online Scanner" = ESET Online Scanner v3

"F2566CC2-D4C4-44ED-A838-3F8288D8D3FE" = Flip Words from Hewlett-Packard Laptops (remove only)

"HP Game Console" = HP Game Console and games

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPExtendedCapabilities" = HP Customer Participation Program 7.0

"HPOCR" = OCR Software by I.R.I.S 7.0

"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"Legacy 5.0" = Legacy 5.0

"lvdrivers_11.80" = Logitech QuickCam Driver Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)

"NAV" = Norton AntiVirus

"Netscape Browser" = Netscape Browser (remove only)

"NVIDIA Drivers" = NVIDIA Drivers

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"SpywareBlaster_is1" = SpywareBlaster 4.2

"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus (Symantec Corporation)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WGA" = Windows Genuine Advantage Validation Tool

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMCSetup" = Windows Media Connect

"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer

"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Absolute Poker" = Absolute Poker

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2/21/2010 2:15:37 AM | Computer Name = PC210001757521 | Source = Application Hang | ID = 1002

Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 2/21/2010 2:15:40 AM | Computer Name = PC210001757521 | Source = Application Hang | ID = 1002

Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 2/21/2010 2:16:36 AM | Computer Name = PC210001757521 | Source = Application Hang | ID = 1002

Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 2/28/2010 11:23:49 AM | Computer Name = PC210001757521 | Source = Automatic LiveUpdate Scheduler | ID = 101

Description = Information Level: error Initialization of the COM subsystem failed.

Error code: 0x8007041D.

Error - 2/28/2010 6:00:03 PM | Computer Name = PC210001757521 | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting

module quartz.dll, version 6.5.2600.5596, fault address 0x000177c2.

Error - 3/3/2010 9:46:47 PM | Computer Name = PC210001757521 | Source = Application Hang | ID = 1002

Description = Hanging application googletalk.exe, version 1.0.0.104, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2010 9:17:05 PM | Computer Name = PC210001757521 | Source = Google Update | ID = 20

Description =

Error - 3/7/2010 10:35:40 PM | Computer Name = PC210001757521 | Source = Automatic LiveUpdate Scheduler | ID = 101

Description = Information Level: error Initialization of the COM subsystem failed.

Error code: 0x8007041D.

Error - 3/8/2010 2:57:40 AM | Computer Name = PC210001757521 | Source = Automatic LiveUpdate Scheduler | ID = 101

Description = Information Level: error Initialization of the COM subsystem failed.

Error code: 0x8007041D.

Error - 3/10/2010 5:17:15 PM | Computer Name = PC210001757521 | Source = Google Update | ID = 20

Description =

[ System Events ]

Error - 3/9/2010 12:30:45 PM | Computer Name = PC210001757521 | Source = nv | ID = 262187

Description = The system sleep operation failed

< End of report >

Link to post
Share on other sites
Martymarty

Martymarty

Posted
  • Author
Posted

The Gmer took a very long time! Here it is! Thanks for your help.

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-03-11 07:05:27

Windows 5.1.2600 Service Pack 3

Running: q7d3uthu.exe; Driver: C:\DOCUME~1\Marty\LOCALS~1\Temp\fwloqfow.sys

---- System - GMER 1.0.15 ----

SSDT 860FFD50 ZwAlertResumeThread

SSDT 86101320 ZwAlertThread

SSDT 85CD8960 ZwAllocateVirtualMemory

SSDT 8625C210 ZwAssignProcessToJobObject

SSDT 860CCC98 ZwConnectPort

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEB524130]

SSDT 860EC600 ZwCreateMutant

SSDT 860987A8 ZwCreateSymbolicLinkObject

SSDT 86192AF8 ZwCreateThread

SSDT 860D6528 ZwDebugActiveProcess

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEB5243B0]

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEB524910]

SSDT 85E23818 ZwDuplicateObject

SSDT 85E108F0 ZwFreeVirtualMemory

SSDT 860FAA30 ZwImpersonateAnonymousToken

SSDT 860FCF30 ZwImpersonateThread

SSDT 860E5108 ZwLoadDriver

SSDT 861AA118 ZwMapViewOfSection

SSDT 860F7740 ZwOpenEvent

SSDT 85E2B7B8 ZwOpenProcess

SSDT 8611D758 ZwOpenProcessToken

SSDT 860D6888 ZwOpenSection

SSDT 85E238A8 ZwOpenThread

SSDT 86098838 ZwProtectVirtualMemory

SSDT 86120340 ZwResumeThread

SSDT 861148E0 ZwSetContextThread

SSDT 85E107D0 ZwSetInformationProcess

SSDT 860D6600 ZwSetSystemInformation

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEB524B60]

SSDT 860D8920 ZwSuspendProcess

SSDT 8610BE90 ZwSuspendThread

SSDT 8611D830 ZwTerminateProcess

SSDT 85BB6630 ZwTerminateThread

SSDT 861149B8 ZwUnmapViewOfSection

SSDT 85CD88D0 ZwWriteVirtualMemory

Code 848F0385 pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths@Directory C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1@CachePath C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2@CachePath C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3@CachePath C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4@CachePath C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites
Martymarty

Martymarty

Posted
  • Author
Posted

ComboFix 10-03-11.02 - Marty 03/11/2010 12:26:11.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.422 [GMT -8:00]

Running from: c:\documents and settings\Marty\My Documents\Downloads\ComboFix.exe

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Update

c:\program files\Update\Install\update.EXE

c:\program files\WinPCap

c:\program files\WinPCap\daemon_mgm.exe

c:\program files\WinPCap\NetMonInstaller.exe

c:\program files\WinPCap\npf_mgm.exe

c:\program files\WinPCap\rpcapd.exe

c:\program files\WinPCap\Uninstall.exe

c:\recycler\S-1-5-21-914371004-3562344740-2456917781-1006

c:\windows\system32\_003144_.tmp.dll

c:\windows\system32\_003145_.tmp.dll

c:\windows\system32\_003146_.tmp.dll

c:\windows\system32\_003147_.tmp.dll

c:\windows\system32\_003154_.tmp.dll

c:\windows\system32\_003155_.tmp.dll

c:\windows\system32\_003156_.tmp.dll

c:\windows\system32\_003157_.tmp.dll

c:\windows\system32\_003159_.tmp.dll

c:\windows\system32\_003160_.tmp.dll

c:\windows\system32\_003163_.tmp.dll

c:\windows\system32\_003164_.tmp.dll

c:\windows\system32\_003166_.tmp.dll

c:\windows\system32\_003167_.tmp.dll

c:\windows\system32\_003168_.tmp.dll

c:\windows\system32\_003170_.tmp.dll

c:\windows\system32\_003171_.tmp.dll

c:\windows\system32\_003173_.tmp.dll

c:\windows\system32\_003174_.tmp.dll

c:\windows\system32\_003178_.tmp.dll

c:\windows\system32\_003179_.tmp.dll

c:\windows\system32\_003181_.tmp.dll

c:\windows\system32\_003183_.tmp.dll

c:\windows\system32\_003184_.tmp.dll

c:\windows\system32\_003186_.tmp.dll

c:\windows\system32\_003187_.tmp.dll

c:\windows\system32\_003188_.tmp.dll

c:\windows\system32\_003189_.tmp.dll

c:\windows\system32\_003190_.tmp.dll

c:\windows\system32\_003193_.tmp.dll

c:\windows\system32\_003194_.tmp.dll

c:\windows\system32\_003195_.tmp.dll

c:\windows\system32\_003196_.tmp.dll

c:\windows\system32\_003197_.tmp.dll

c:\windows\system32\_003202_.tmp.dll

c:\windows\system32\_003204_.tmp.dll

c:\windows\system32\_003205_.tmp.dll

c:\windows\system32\11478.exe

c:\windows\system32\15724.exe

c:\windows\system32\19169.exe

c:\windows\system32\24464.exe

c:\windows\system32\26500.exe

c:\windows\system32\26962.exe

c:\windows\system32\29358.exe

c:\windows\system32\5705.exe

c:\windows\system32\6334.exe

c:\windows\System32\BSTIeprintctl1.dll

c:\windows\system32\config\42775644.Evt

c:\windows\TEMP\logishrd\LVPrcInj01.dll

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_asc3550p

((((((((((((((((((((((((( Files Created from 2010-02-11 to 2010-03-11 )))))))))))))))))))))))))))))))

.

2010-02-28 21:29 . 2010-02-28 21:29 -------- d-----w- c:\windows\system32\scripting

2010-02-28 21:29 . 2010-02-28 21:29 -------- d-----w- c:\windows\l2schemas

2010-02-28 21:29 . 2010-02-28 21:29 -------- d-----w- c:\windows\system32\en

2010-02-28 21:29 . 2010-02-28 21:29 -------- d-----w- c:\windows\system32\bits

2010-02-21 06:49 . 2010-02-21 06:49 -------- d-----w- c:\program files\ESET

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-09 05:57 . 2010-01-25 04:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-28 23:28 . 2010-02-28 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-02-28 23:16 . 2010-02-28 23:16 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-02-28 23:09 . 2008-02-09 04:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-02-28 23:09 . 2007-02-07 18:16 -------- d-----w- c:\program files\SpywareBlaster

2010-02-06 06:10 . 2009-01-08 03:52 -------- d-----w- c:\program files\UltimateBet2

2010-02-03 00:03 . 2008-06-12 03:16 -------- d-----w- c:\program files\Symantec

2010-02-03 00:03 . 2008-06-12 05:55 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-02-03 00:03 . 2008-06-12 05:55 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-02-03 00:03 . 2008-06-12 05:55 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-02-03 00:03 . 2008-06-12 05:55 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-02-01 06:58 . 2006-07-26 17:30 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-02-01 06:31 . 2010-01-25 06:35 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-02-01 06:26 . 2010-02-01 06:26 -------- d-----w- c:\program files\Windows Sidebar

2010-02-01 06:26 . 2008-03-16 18:08 -------- d-----w- c:\program files\Norton AntiVirus

2010-02-01 06:26 . 2008-10-11 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-02-01 06:25 . 2010-02-01 06:25 -------- d-----w- c:\program files\NortonInstaller

2010-02-01 06:20 . 2008-10-11 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-01-25 04:09 . 2010-01-25 04:09 -------- d-----w- c:\documents and settings\Marty\Application Data\Malwarebytes

2010-01-25 04:09 . 2010-01-25 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-20 20:26 . 2010-02-01 06:28 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys

2010-01-08 00:07 . 2010-01-25 04:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 00:07 . 2010-01-25 04:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-31 16:50 . 2010-02-07 02:49 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-22 05:21 . 2004-08-04 21:00 667136 ----a-w- c:\windows\system32\wininet.dll

2009-12-22 05:20 . 2004-08-04 21:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-12-16 18:43 . 2004-08-04 21:00 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:08 . 2010-02-07 02:50 33280 ----a-w- c:\windows\system32\csrsrv.dll

2008-11-28 05:37 . 2008-11-28 05:36 5545 ----a-w- c:\program files\install_progress.log

2008-11-28 05:37 . 2008-11-28 05:36 75329 ----a-w- c:\program files\install_progress_error.log

2008-11-28 05:37 . 2008-11-28 05:36 10726 ----a-w- c:\program files\dir_make.log

2007-02-25 23:43 . 2007-02-26 00:43 22 --sha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-11-01 160592]

"Google Update"="c:\documents and settings\Marty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-19 133104]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-26 7561216]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-26 86016]

"nwiz"="nwiz.exe" [2006-04-26 1519616]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-06-22 102400]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 135168]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-15 565008]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-15 2407184]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-22 520024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-7-5 40960]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Documents and Settings\\Marty\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Marty\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/27/2009 5:42 PM 64160]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [2/2/2010 4:02 PM 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [2/2/2010 4:02 PM 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [2/2/2010 4:02 PM 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSXpx86.sys [3/10/2010 1:34 PM 329592]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 1:34 PM 1028432]

R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [2/2/2010 4:02 PM 117640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/21/2010 5:51 PM 102448]

.

Contents of the 'Scheduled Tasks' folder

2010-03-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:44]

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 20:42]

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-412373964-2120146892-2171935858-1006Core.job

- c:\documents and settings\Marty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-19 05:44]

2010-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-412373964-2120146892-2171935858-1006UA.job

- c:\documents and settings\Marty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-19 05:44]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop

uInternet Connection Wizard,ShellNext = hxxp://www.symantec.com/techsupp

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

.

- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-SymLnch - c:\documents and settings\Marty\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070826\Support\SymLnch\SymLnch.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-11 12:38

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???hc??????Y?@?????<?@

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]

"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7140)

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Completion time: 2010-03-11 12:55:42 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-11 20:55

Pre-Run: 2,160,263,168 bytes free

Post-Run: 7,369,506,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9FDD40A0E715EAA04EF6936C68E48859

Link to post
Share on other sites
Martymarty

Martymarty

Posted
  • Author
Posted

Can I re-enable Norton and Spybot at this stage, or keep them disabled until this is done? Although I had disabled Spybot and Norton prior to running combofix, after Combofix re-booted my computer, I had to re-disenable them, so I'm not sure if that had any impact. Also, I have Spywareblaster. Please let me know. Thanks again for your help1!

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

Yes re-enable Norton leave Spybot off until we finish it will interfere with our fixes.

You are welcome :lol:

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

=====

* Go here to run an online scannner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites
Martymarty

Martymarty

Posted
  • Author
Posted

A couple of follow up questions.

#1--With Spybot, I disable the resident protection, but upon reboot it comes back and reloads and tells me about all the changes (registry etc., probably from Combofix etc) and whether I should allow them. I then allowed them. Do I have to actually uninstall the whole program to prevent it from interfering, or is there a different way to disable it without it continuing to come up when rebooting?

#2 Last time, after the last malware problem, I ran MBAM Quick Scan and cleaned the computer and also ran PCTools online scanner and Eset, both which then showed no infection or problems (but the rootkit problem still came back a couple days later). However, I then did the full MBAM scan which brought up these 2 (which hadn't shown in the quickscan):

C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP538\A0041052.sys (Trojan.Proxy.Saturn)

C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP538\A0041053.sys (Trojan.Proxy.Saturn)

I then took care of these, but nevertheless, the rootkit problem (asc3550p) resurfaced. Just wanted to let you know.

Should I run the QuickScan or Full Scan now?

Please let me know and I'll get it rolling. Thanks again so much for all your help.

Link to post
Share on other sites
Martymarty

Martymarty

Posted
  • Author
Posted

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.44

Database version: 3806

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

3/12/2010 10:25:27 AM

mbam-log-2010-03-12 (10-25-27).txt

Scan type: Quick Scan

Objects scanned: 129594

Time elapsed: 45 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Will run Eset now

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

It is good if those scanners show no infections:

These items are in System Restore points and are no longer active we will purge the restore points when we wrap it up.

C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP538\A0041052.sys (Trojan.Proxy.Saturn)

C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP538\A0041053.sys (Trojan.Proxy.Saturn)

So let me know of any remaining problems and post a new OTL log:

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Link to post
Share on other sites
Martymarty

Martymarty

Posted
  • Author
Posted

here's the log for the ESET scanner:

C:\Qoobox\Quarantine\C\WINDOWS\system32\config\42775644.Evt.vir a variant of Win32/Nulprot trojan cleaned by deleting - quarantined

It is good if those scanners show no infections:

These items are in System Restore points and are no longer active we will purge the restore points when we wrap it up.

C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP538\A0041052.sys (Trojan.Proxy.Saturn)

C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP538\A0041053.sys (Trojan.Proxy.Saturn)

So let me know of any remaining problems and post a new OTL log:

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Link to post
Share on other sites
Martymarty

Martymarty

Posted
  • Author
Posted

Here's the OTL Log!

Thanks again :lol:

OTL logfile created on: 3/12/2010 3:44:17 PM - Run 2

OTL by OldTimer - Version 3.1.36.0 Folder = C:\Documents and Settings\Marty\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 389.00 Mb Available Physical Memory | 41.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 47.80 Gb Total Space | 7.36 Gb Free Space | 15.39% Space Free | Partition Type: NTFS

Drive D: | 8.07 Gb Total Space | 0.91 Gb Free Space | 11.26% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC210001757521

Current User Name: Marty

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Marty\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)

PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)

PRC - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)

PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)

PRC - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Marty\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\temp\logishrd\LVPrcInj01.dll (Logitech Inc.)

========== Win32 Services (SafeList) ==========

SRV - (Norton AntiVirus) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\NAVENG.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSXpx86.sys (Symantec Corporation)

DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS (Symantec Corporation)

DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS (Symantec Corporation)

DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS (Symantec Corporation)

DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS (Symantec Corporation)

DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)

DRV - (LVUVC) QuickCam Pro for Notebooks(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)

DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)

DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

IE - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http:mail.yahoo.com"

FF - prefs.js..extensions.enabledItems: googletalk@adarsh.tp:1.0

FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/11/29 20:10:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/22 06:25:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/22 06:25:19 | 000,000,000 | ---D | M]

[2008/09/03 17:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Mozilla\Extensions

[2008/09/03 17:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marty\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/03/09 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Mozilla\Firefox\Profiles\t2k8x1eh.default\extensions

[2009/01/18 15:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Mozilla\Firefox\Profiles\t2k8x1eh.default\extensions\googletalk@adarsh.tp

[2010/03/12 12:43:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/02/22 06:25:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/02/22 06:24:52 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/02/22 06:24:53 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/08/07 12:35:32 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

[2009/12/31 10:34:29 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll

[2010/02/22 06:25:09 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/05/10 21:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2007/10/28 09:48:21 | 000,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2008/07/05 17:16:06 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2007/10/28 09:48:30 | 000,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2007/10/28 09:48:15 | 000,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2009/09/04 12:47:58 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/09/04 12:47:58 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/09/04 12:47:58 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/09/04 12:47:58 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/09/04 12:47:58 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/09/04 12:47:58 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/09/04 12:47:58 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/03/11 12:37:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006..\Run: [Google Update] C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)

O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/11 12:20:47 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/03/11 12:18:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/03/11 12:18:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/03/11 12:18:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/03/11 12:18:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/03/11 12:18:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/03/11 12:17:36 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/03/10 13:37:15 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe

[2010/03/08 20:46:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/03/01 06:58:30 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll

[2010/02/28 15:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/02/28 15:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/02/28 14:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/02/28 13:29:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us

[2010/02/28 13:29:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting

[2010/02/28 13:29:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2010/02/28 13:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en

[2010/02/28 13:29:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2010/02/28 13:14:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2010/02/20 22:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2008/07/31 09:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2007/04/14 07:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot

[2006/07/26 09:22:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2006/07/26 09:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2006/07/26 09:22:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2006/07/26 09:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2005/09/24 07:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

[236 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[12 C:\Documents and Settings\Marty\My Documents\*.tmp files -> C:\Documents and Settings\Marty\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/12 15:17:02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-412373964-2120146892-2171935858-1006UA.job

[2010/03/12 12:46:28 | 000,000,313 | ---- | M] () -- C:\hpqp.ini

[2010/03/12 12:45:49 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini

[2010/03/12 12:45:29 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/03/12 12:43:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/03/12 12:43:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/03/12 12:43:28 | 1005,170,688 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/12 11:33:56 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Marty\NTUSER.DAT

[2010/03/12 11:33:56 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Marty\ntuser.ini

[2010/03/12 08:17:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-412373964-2120146892-2171935858-1006Core.job

[2010/03/11 12:38:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/03/11 12:37:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/03/11 12:21:08 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/03/10 12:34:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/03/08 23:24:34 | 000,097,280 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\screenprintSpybot3-7-10.doc

[2010/03/08 23:21:48 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\Microsoft Office Word 2003.lnk

[2010/03/08 17:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/03/07 21:58:01 | 000,004,055 | ---- | M] () -- C:\WINDOWS\WININIT.INI

[2010/03/05 19:24:19 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\danieldrawing3-5-10.doc

[2010/03/04 10:27:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/03/02 20:16:29 | 000,383,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/03/02 20:16:28 | 000,054,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/03/02 20:16:23 | 000,443,380 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/03/01 23:00:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/03/01 22:40:56 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\TREclipse2010Rev.doc

[2010/03/01 20:38:47 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\Dear Daniel and Benjamin.doc

[2010/02/28 19:27:55 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\daniel DT oral 1 minute presentation.doc

[2010/02/28 15:16:12 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\Spybot - Search & Destroy.lnk

[2010/02/28 14:45:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010/02/28 14:43:23 | 000,255,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/02/28 14:14:02 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/28 13:17:53 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/02/28 09:29:31 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\recipe - hamentaschen.doc

[2010/02/27 08:26:20 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marty\My Documents\~$niel DT oral 1 minute presentation.doc

[2010/02/26 16:51:11 | 001,040,384 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\daniel DT pictures.doc

[2010/02/26 16:13:10 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marty\My Documents\~$nielDavid ThompsonNotes.doc

[2010/02/24 20:30:03 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\daniel DT final draft 2-17.doc

[2010/02/22 06:51:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\benjamin bus pass.doc

[2010/02/21 13:38:01 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\Windows Media Player.lnk

[2010/02/20 22:22:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\housecall.guid.cache

[2010/02/11 20:00:18 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\DT tri fold board.doc

[2010/02/11 14:27:41 | 000,541,696 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\danielDavid ThompsonNotes.doc

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[236 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[12 C:\Documents and Settings\Marty\My Documents\*.tmp files -> C:\Documents and Settings\Marty\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/11 12:21:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/03/11 12:21:00 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/03/11 12:18:53 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/03/11 12:18:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/03/11 12:18:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/03/11 12:18:53 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/03/11 12:18:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/03/08 23:24:34 | 000,097,280 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\screenprintSpybot3-7-10.doc

[2010/03/05 19:24:18 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\danieldrawing3-5-10.doc

[2010/03/01 21:54:32 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\TREclipse2010Rev.doc

[2010/03/01 20:38:47 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\Dear Daniel and Benjamin.doc

[2010/02/28 15:16:12 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Marty\Desktop\Spybot - Search & Destroy.lnk

[2010/02/28 09:29:31 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\recipe - hamentaschen.doc

[2010/02/27 08:26:20 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Marty\My Documents\~$niel DT oral 1 minute presentation.doc

[2010/02/26 16:13:10 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Marty\My Documents\~$nielDavid ThompsonNotes.doc

[2010/02/24 20:29:48 | 001,040,384 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\daniel DT pictures.doc

[2010/02/21 13:38:01 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Marty\Desktop\Windows Media Player.lnk

[2010/02/21 13:08:30 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\daniel DT oral 1 minute presentation.doc

[2010/02/21 08:05:16 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\daniel DT final draft 2-17.doc

[2010/02/20 22:22:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\housecall.guid.cache

[2010/02/11 14:18:39 | 000,541,696 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\danielDavid ThompsonNotes.doc

[2010/02/11 13:33:10 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\DT tri fold board.doc

[2009/01/18 22:22:12 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2008/11/27 21:36:54 | 000,075,329 | ---- | C] () -- C:\Program Files\install_progress_error.log

[2008/11/27 21:36:47 | 000,005,545 | ---- | C] () -- C:\Program Files\install_progress.log

[2008/11/27 21:36:29 | 000,010,726 | ---- | C] () -- C:\Program Files\dir_make.log

[2008/09/02 20:35:27 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\wklnhst.dat

[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2008/07/05 17:08:32 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2008/06/11 22:18:11 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2008/06/10 23:02:41 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/10 22:55:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\fusioncache.dat

[2008/06/10 22:55:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\DSwitch.txt

[2008/06/10 22:55:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\AtStart.txt

[2008/06/10 22:55:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\QSwitch.txt

[2007/11/03 11:52:23 | 000,000,278 | ---- | C] () -- C:\WINDOWS\WMW6.INI

[2007/06/30 05:18:33 | 000,001,202 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007/03/04 08:04:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI

[2006/07/26 10:03:37 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006/07/26 09:58:17 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini

[2006/07/26 09:45:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/07/26 09:39:49 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006/05/10 06:23:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/05/10 05:48:18 | 000,002,916 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2006/05/10 05:46:02 | 000,004,055 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2006/05/10 05:42:38 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006/04/26 11:48:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/04/26 11:48:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/04/26 11:48:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/04/26 11:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/04/26 11:48:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2005/12/02 10:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/09/16 12:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB

@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C05A8628

< End of report >

Link to post
Share on other sites
Martymarty

Martymarty

Posted
  • Author
Posted

Here's the OTL with custom scan and LOP and Purity check. Thanks again!

OTL logfile created on: 3/12/2010 4:33:03 PM - Run 2

OTL by OldTimer - Version 3.1.36.0 Folder = C:\Documents and Settings\Marty\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 308.00 Mb Available Physical Memory | 32.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 47.80 Gb Total Space | 7.35 Gb Free Space | 15.38% Space Free | Partition Type: NTFS

Drive D: | 8.07 Gb Total Space | 0.91 Gb Free Space | 11.26% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC210001757521

Current User Name: Marty

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Marty\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)

PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)

PRC - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)

PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)

PRC - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Marty\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\temp\logishrd\LVPrcInj01.dll (Logitech Inc.)

========== Win32 Services (SafeList) ==========

SRV - (Norton AntiVirus) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.022\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.022\NAVENG.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSXpx86.sys (Symantec Corporation)

DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS (Symantec Corporation)

DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS (Symantec Corporation)

DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS (Symantec Corporation)

DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS (Symantec Corporation)

DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)

DRV - (LVUVC) QuickCam Pro for Notebooks(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)

DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)

DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

IE - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http:mail.yahoo.com"

FF - prefs.js..extensions.enabledItems: googletalk@adarsh.tp:1.0

FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/11/29 20:10:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/22 06:25:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/22 06:25:19 | 000,000,000 | ---D | M]

[2008/09/03 17:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Mozilla\Extensions

[2008/09/03 17:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marty\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/03/09 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Mozilla\Firefox\Profiles\t2k8x1eh.default\extensions

[2009/01/18 15:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Mozilla\Firefox\Profiles\t2k8x1eh.default\extensions\googletalk@adarsh.tp

[2010/03/12 12:43:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/02/22 06:25:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/02/22 06:24:52 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/02/22 06:24:53 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/08/07 12:35:32 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

[2009/12/31 10:34:29 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll

[2010/02/22 06:25:09 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/05/10 21:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2007/10/28 09:48:21 | 000,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2008/07/05 17:16:06 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2008/07/05 17:16:07 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2007/10/28 09:48:30 | 000,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2007/10/28 09:48:15 | 000,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2009/09/04 12:47:58 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/09/04 12:47:58 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/09/04 12:47:58 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/09/04 12:47:58 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/09/04 12:47:58 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/09/04 12:47:58 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/09/04 12:47:58 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/03/11 12:37:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006..\Run: [Google Update] C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)

O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-412373964-2120146892-2171935858-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/06/10 22:41:45 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17736316556935168)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/11 12:20:47 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/03/11 12:18:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/03/11 12:18:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/03/11 12:18:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/03/11 12:18:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/03/11 12:18:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/03/11 12:17:36 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/03/10 13:37:15 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe

[2010/03/08 20:46:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/03/01 06:58:30 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll

[2010/02/28 15:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/02/28 15:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/02/28 14:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/02/28 13:29:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us

[2010/02/28 13:29:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting

[2010/02/28 13:29:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2010/02/28 13:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en

[2010/02/28 13:29:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2010/02/28 13:14:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2010/02/20 22:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2008/07/31 09:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2007/04/14 07:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot

[2006/07/26 09:22:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2006/07/26 09:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2006/07/26 09:22:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2006/07/26 09:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2005/09/24 07:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

[236 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[12 C:\Documents and Settings\Marty\My Documents\*.tmp files -> C:\Documents and Settings\Marty\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/12 16:17:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-412373964-2120146892-2171935858-1006UA.job

[2010/03/12 12:46:28 | 000,000,313 | ---- | M] () -- C:\hpqp.ini

[2010/03/12 12:45:49 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini

[2010/03/12 12:45:29 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/03/12 12:43:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/03/12 12:43:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/03/12 12:43:28 | 1005,170,688 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/12 11:33:56 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Marty\NTUSER.DAT

[2010/03/12 11:33:56 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Marty\ntuser.ini

[2010/03/12 08:17:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-412373964-2120146892-2171935858-1006Core.job

[2010/03/11 12:38:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/03/11 12:37:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/03/11 12:21:08 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/03/10 12:34:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/03/08 23:24:34 | 000,097,280 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\screenprintSpybot3-7-10.doc

[2010/03/08 23:21:48 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\Microsoft Office Word 2003.lnk

[2010/03/08 17:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/03/07 21:58:01 | 000,004,055 | ---- | M] () -- C:\WINDOWS\WININIT.INI

[2010/03/05 19:24:19 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\danieldrawing3-5-10.doc

[2010/03/04 10:27:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/03/02 20:16:29 | 000,383,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/03/02 20:16:28 | 000,054,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/03/02 20:16:23 | 000,443,380 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/03/01 23:00:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/03/01 22:40:56 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\TREclipse2010Rev.doc

[2010/03/01 20:38:47 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\Dear Daniel and Benjamin.doc

[2010/02/28 19:27:55 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\daniel DT oral 1 minute presentation.doc

[2010/02/28 15:16:12 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\Spybot - Search & Destroy.lnk

[2010/02/28 14:45:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010/02/28 14:43:23 | 000,255,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/02/28 14:14:02 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/28 13:17:53 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/02/28 09:29:31 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\recipe - hamentaschen.doc

[2010/02/27 08:26:20 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marty\My Documents\~$niel DT oral 1 minute presentation.doc

[2010/02/26 16:51:11 | 001,040,384 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\daniel DT pictures.doc

[2010/02/26 16:13:10 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marty\My Documents\~$nielDavid ThompsonNotes.doc

[2010/02/24 20:30:03 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\daniel DT final draft 2-17.doc

[2010/02/22 06:51:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\benjamin bus pass.doc

[2010/02/21 13:38:01 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\Windows Media Player.lnk

[2010/02/20 22:22:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\housecall.guid.cache

[2010/02/11 20:00:18 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\DT tri fold board.doc

[2010/02/11 14:27:41 | 000,541,696 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\danielDavid ThompsonNotes.doc

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[236 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[12 C:\Documents and Settings\Marty\My Documents\*.tmp files -> C:\Documents and Settings\Marty\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/11 12:21:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/03/11 12:21:00 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/03/11 12:18:53 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/03/11 12:18:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/03/11 12:18:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/03/11 12:18:53 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/03/11 12:18:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/03/08 23:24:34 | 000,097,280 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\screenprintSpybot3-7-10.doc

[2010/03/05 19:24:18 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\danieldrawing3-5-10.doc

[2010/03/01 21:54:32 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\TREclipse2010Rev.doc

[2010/03/01 20:38:47 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\Dear Daniel and Benjamin.doc

[2010/02/28 15:16:12 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Marty\Desktop\Spybot - Search & Destroy.lnk

[2010/02/28 09:29:31 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\recipe - hamentaschen.doc

[2010/02/27 08:26:20 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Marty\My Documents\~$niel DT oral 1 minute presentation.doc

[2010/02/26 16:13:10 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Marty\My Documents\~$nielDavid ThompsonNotes.doc

[2010/02/24 20:29:48 | 001,040,384 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\daniel DT pictures.doc

[2010/02/21 13:38:01 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Marty\Desktop\Windows Media Player.lnk

[2010/02/21 13:08:30 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\daniel DT oral 1 minute presentation.doc

[2010/02/21 08:05:16 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\daniel DT final draft 2-17.doc

[2010/02/20 22:22:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\housecall.guid.cache

[2010/02/11 14:18:39 | 000,541,696 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\danielDavid ThompsonNotes.doc

[2010/02/11 13:33:10 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\DT tri fold board.doc

[2009/01/18 22:22:12 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2008/11/27 21:36:54 | 000,075,329 | ---- | C] () -- C:\Program Files\install_progress_error.log

[2008/11/27 21:36:47 | 000,005,545 | ---- | C] () -- C:\Program Files\install_progress.log

[2008/11/27 21:36:29 | 000,010,726 | ---- | C] () -- C:\Program Files\dir_make.log

[2008/09/02 20:35:27 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\wklnhst.dat

[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2008/07/05 17:08:32 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2008/06/11 22:18:11 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2008/06/10 23:02:41 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/10 22:55:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\fusioncache.dat

[2008/06/10 22:55:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\DSwitch.txt

[2008/06/10 22:55:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\AtStart.txt

[2008/06/10 22:55:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\QSwitch.txt

[2007/11/03 11:52:23 | 000,000,278 | ---- | C] () -- C:\WINDOWS\WMW6.INI

[2007/06/30 05:18:33 | 000,001,202 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007/03/04 08:04:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI

[2006/07/26 10:03:37 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006/07/26 09:58:17 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini

[2006/07/26 09:45:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/07/26 09:39:49 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006/05/10 06:23:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/05/10 05:48:18 | 000,002,916 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2006/05/10 05:46:02 | 000,004,055 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2006/05/10 05:42:38 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006/04/26 11:48:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/04/26 11:48:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/04/26 11:48:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/04/26 11:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/04/26 11:48:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2005/12/02 10:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/09/16 12:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/02/04 21:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft

[2008/10/11 08:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings

[2007/04/11 13:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PokerAcademyPro2

[2007/11/29 20:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

[2010/02/28 15:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007/04/14 07:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2009/02/27 17:41:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

[2008/01/06 20:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Eskenazi\Application Data\Family Lawyer

[2008/05/14 19:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Eskenazi\Application Data\Image Zone Express

[2007/02/28 20:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Eskenazi\Application Data\Leadertech

[2007/02/06 11:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Eskenazi\Application Data\Netscape

[2007/04/11 13:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Eskenazi\Application Data\PokerAcademyPro2

[2007/04/11 13:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Eskenazi\Application Data\PokerAcademyPro2Demo

[2007/03/03 11:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Eskenazi\Application Data\Template

[2007/04/14 07:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Eskenazi\Application Data\WildTangent

[2009/10/13 16:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Costco Photo Viewer US

[2008/11/17 21:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Image Zone Express

[2008/10/21 05:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Leadertech

[2008/07/05 17:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Panasonic

[2008/09/02 20:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Template

[2010/03/08 17:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2010/02/06 18:49:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2010/02/06 18:49:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/04 06:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >

[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2010/02/06 18:49:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2010/02/06 18:49:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >

[2005/10/13 01:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SWSetup\HDD\iastor.sys

[2005/10/13 01:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >

[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll

< MD5 for: NVATA.SYS >

[2006/01/26 16:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chipset\IDE\Win2K\sata_ide\nvata.sys

[2006/01/26 16:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chipset\IDE\WinXP\sata_ide\nvata.sys

[2006/01/26 16:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chipset\nvata.sys

[2006/01/26 16:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >

[2006/01/26 16:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chipset\IDE\Win2K\sataraid\nvatabus.sys

[2006/01/26 16:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chipset\IDE\WinXP\sataraid\nvatabus.sys

[2006/01/26 16:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chipset\nvatabus.sys

< MD5 for: SCECLI.DLL >

[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[236 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2006/05/09 22:15:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2006/05/09 22:15:04 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB

@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C05A8628

< End of report >

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 18...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================

After that your all set.

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc...

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept