BleepingComputer.com: Directdr Search engine redirect

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

Directdr Search engine redirect Need help with removal

#1 User is offline   Jalene 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 35
  • Joined: 06-January 10

Posted 09 January 2010 - 02:03 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic284861.html ~ OB

I used Malwarebytes to remove Internet Security 2010 from a computer. The residue seems to be that search engines are redirected consistantly to alternet sites. The main culprit seems to be Directdr. and according to what the scans are finding Adware. Have been working with moderator boopme on this problem. Per their recommendation I have scanned with SuperAntiSpyware, Malwarebytes and several other programs. The problem still plaguing this computer.


DDS (Ver_09-12-01.01) - NTFSx86
Run by ELZINGA'S at 13:27:50.64 on Sat 01/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.110 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\ELZINGA'S\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DriverCure] c:\program files\paretologic\drivercure\DriverCure.exe -scan
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunServicesOnce: [washindex] c:\program files\washer\washidx.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [MoneyStartUp10.0] "c:\program files\microsoft money\system\Activation.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\elzing~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
uPolicies-explorer: NoSetActiveDesktop = 30
IE: &Search - ?p=ZKman000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233358764046
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38197.5300115741
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-6 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1007020.00b\SymEFA.sys [2009-9-13 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1007020.00b\BHDrvx86.sys [2009-9-13 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1007020.00b\cchpx86.sys [2009-9-13 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100106.001\IDSXpx86.sys [2010-1-9 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.7.2.11\ccSvcHst.exe [2009-9-13 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-3 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100108.055\NAVENG.SYS [2010-1-9 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100108.055\NAVEX15.SYS [2010-1-9 1323568]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 dati1pdx;dati1pdx;\??\c:\docume~1\elzing~1\locals~1\temp\dati1pdx.sys --> c:\docume~1\elzing~1\locals~1\temp\dati1pdx.sys [?]
S3 dvolsnap;dvolsnap;\??\c:\docume~1\elzing~1\locals~1\temp\dvolsnap.sys --> c:\docume~1\elzing~1\locals~1\temp\dvolsnap.sys [?]
S3 grio8drv;grio8drv;\??\c:\docume~1\elzing~1\locals~1\temp\grio8drv.sys --> c:\docume~1\elzing~1\locals~1\temp\grio8drv.sys [?]
S3 husbd;husbd;\??\c:\docume~1\elzing~1\locals~1\temp\husbd.sys --> c:\docume~1\elzing~1\locals~1\temp\husbd.sys [?]
S3 iacpiec;iacpiec;\??\c:\docume~1\elzing~1\locals~1\temp\iacpiec.sys --> c:\docume~1\elzing~1\locals~1\temp\iacpiec.sys [?]
S3 iAimFP8;iAimFP8;c:\windows\system32\drivers\wADV11NT.sys [2004-8-4 11935]
S3 jrdpdr;jrdpdr;\??\c:\docume~1\elzing~1\locals~1\temp\jrdpdr.sys --> c:\docume~1\elzing~1\locals~1\temp\jrdpdr.sys [?]
S3 lmup;lmup;\??\c:\docume~1\elzing~1\locals~1\temp\lmup.sys --> c:\docume~1\elzing~1\locals~1\temp\lmup.sys [?]
S3 onwlnknb;onwlnknb;\??\c:\docume~1\elzing~1\locals~1\temp\onwlnknb.sys --> c:\docume~1\elzing~1\locals~1\temp\onwlnknb.sys [?]
S3 ssymtdi;ssymtdi;\??\c:\docume~1\elzing~1\locals~1\temp\ssymtdi.sys --> c:\docume~1\elzing~1\locals~1\temp\ssymtdi.sys [?]
S3 ximapi;ximapi;\??\c:\docume~1\elzing~1\locals~1\temp\ximapi.sys --> c:\docume~1\elzing~1\locals~1\temp\ximapi.sys [?]

=============== Created Last 30 ================

2010-01-08 18:24:03 0 d-----w- c:\program files\ESET
2010-01-08 10:07:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 10:07:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 17:04:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-07 17:03:50 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-07 17:03:49 0 d-----w- c:\docume~1\elzing~1\applic~1\SUPERAntiSpyware.com
2010-01-07 17:01:14 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-07 10:02:28 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-07 09:49:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-07 02:25:14 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-07 02:17:31 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-06 21:16:33 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-01-06 21:16:28 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2010-01-06 21:16:28 7423 ----a-w- c:\windows\system32\WUSB54GSv2.cat
2010-01-06 21:16:28 7419 ----a-w- c:\windows\system32\WUSB54GS.cat
2010-01-06 21:16:28 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2010-01-06 21:16:28 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2010-01-06 21:16:27 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2010-01-06 21:16:24 651264 ----a-w- c:\windows\system32\libeay32.dll
2010-01-06 21:16:24 147456 ----a-w- c:\windows\system32\ssleay32.dll
2010-01-06 21:16:24 1396831 ----a-w- c:\windows\system32\AegisE5.dll
2010-01-06 21:16:09 0 d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2010-01-04 11:27:53 282624 ----a-r- c:\windows\system32\HPZc3212.dll
2010-01-03 22:01:08 0 d-----w- c:\docume~1\elzing~1\applic~1\Malwarebytes
2010-01-03 22:00:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-03 22:00:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-03 21:29:55 0 ----a-w- c:\windows\system32\15724.exe
2010-01-03 21:09:55 0 ----a-w- c:\windows\system32\19169.exe
2010-01-03 18:06:37 1383 ----a-w- c:\windows\system32\WLAN.INI
2010-01-03 17:36:10 0 ----a-w- c:\windows\system32\26500.exe
2010-01-03 17:16:10 0 ----a-w- c:\windows\system32\6334.exe
2010-01-02 15:33:39 0 ----a-w- c:\windows\system32\18467.exe
2010-01-01 22:48:54 736123 ----a-w- c:\documents and settings\elzinga's\.recently-used.xbel
2010-01-01 21:46:49 70497 ----a-w- c:\program files\zebra.zip
2010-01-01 17:53:10 178030 ----a-w- c:\program files\fancypens.zip
2009-12-31 18:17:38 243098 ----a-w- c:\program files\popstar_autograph.zip
2009-12-31 15:35:09 175717 ----a-w- c:\program files\jellyka_castles_queen.zip
2009-12-31 15:33:01 652636 ----a-w- c:\program files\ginga.zip
2009-12-31 15:26:48 79738 ----a-w- c:\program files\broken_ghost.zip
2009-12-31 15:25:19 90604 ----a-w- c:\program files\the_maple_origins.zip
2009-12-31 15:24:47 92040 ----a-w- c:\program files\_ank.zip
2009-12-31 15:24:08 60328 ----a-w- c:\program files\birth_of_a_hero.zip
2009-12-31 15:21:18 103638 ----a-w- c:\program files\neon_nvb.zip
2009-12-31 15:19:58 86458 ----a-w- c:\program files\arista.zip
2009-12-31 15:18:31 84474 ----a-w- c:\program files\alba.zip
2009-12-31 15:17:04 8522 ----a-w- c:\program files\comic_andy.zip
2009-12-31 15:15:14 11919 ----a-w- c:\program files\honey_i_stole_your_.zip
2009-12-31 15:07:58 48152 ----a-w- c:\program files\kaileen.zip
2009-12-31 15:06:28 24766 ----a-w- c:\program files\jellyka_estrya_s_handwriting.zip
2009-12-31 15:03:42 103446 ----a-w- c:\program files\equestrian_by_darri.zip
2009-12-31 15:03:21 21741 ----a-w- c:\program files\yeehaw.zip
2009-12-31 15:03:15 74185 ----a-w- c:\program files\sakabe_animal_03.zip
2009-12-31 15:02:54 51182 ----a-w- c:\program files\dj_horses_1.zip
2009-12-31 14:59:10 19893 ----a-w- c:\program files\greenbeans.zip
2009-12-31 14:57:08 275652 ----a-w- c:\program files\flim_flam.zip
2009-12-31 14:56:55 50308 ----a-w- c:\program files\jabjai.zip
2009-12-31 14:56:31 21724 ----a-w- c:\program files\action_jackson.zip
2009-12-31 14:56:18 284771 ----a-w- c:\program files\green_piloww.zip
2009-12-31 14:56:14 58474 ----a-w- c:\program files\cheri.zip
2009-12-31 14:53:23 24399 ----a-w- c:\program files\vanilla_whale.zip
2009-12-31 14:52:09 89935 ----a-w- c:\program files\bleeding_cowboys.zip
2009-12-31 14:48:55 70468 ----a-w- c:\program files\Mostly_Mono.zip
2009-12-25 16:45:06 0 d-----w- c:\program files\MSXML 4.0
2009-12-24 18:51:58 0 d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2009-12-24 18:13:07 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-12-24 18:12:58 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-12-24 18:12:33 121344 ----a-w- c:\windows\system32\hpf3l083.dll
2009-12-24 18:12:30 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-12-24 18:12:08 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-12-24 18:11:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-12-24 18:11:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-12-24 18:11:26 974848 ----a-r- c:\windows\system32\hpost_p02b.dll
2009-12-24 18:11:26 737280 ----a-r- c:\windows\system32\hposwia_p02b.dll
2009-12-24 18:11:26 307200 ----a-r- c:\windows\system32\hposc_p02a.dll
2009-12-24 18:01:28 0 d-----w- c:\program files\common files\HP
2009-12-24 17:59:34 0 d-----w- c:\program files\common files\Hewlett-Packard
2009-12-24 17:57:17 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-24 17:57:17 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-24 17:57:02 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-12-24 17:57:02 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-12-24 17:53:19 0 d-----w- c:\program files\HP
2009-12-24 17:48:22 652 ------w- c:\windows\hpomdl36.dat
2009-12-24 17:48:22 164059 ----a-w- c:\windows\hpoins36.dat
2009-12-20 17:53:17 92208 ------w- c:\windows\system32\Wing.dll
2009-12-20 17:53:17 6736 ------w- c:\windows\system32\Wingdib.drv
2009-12-20 17:53:17 5024 ------w- c:\windows\system32\Wingpal.wnd
2009-12-20 17:53:17 188960 ------w- c:\windows\system32\Wingde.dll
2009-12-20 17:53:17 12800 ------w- c:\windows\system32\Wing32.dll

==================== Find3M ====================

2009-12-31 14:41:37 70468 ----a-w- c:\windows\fonts\Mostly_Mono.zip
2009-12-30 20:46:54 90604 ----a-w- c:\windows\fonts\the_maple_origins.zip
2009-12-30 20:46:48 92040 ----a-w- c:\windows\fonts\_ank.zip
2009-12-30 20:46:37 157622 ----a-w- c:\windows\fonts\inked_god.zip
2009-12-30 20:46:26 60328 ----a-w- c:\windows\fonts\birth_of_a_hero.zip
2009-12-30 20:45:13 8946 ----a-w- c:\windows\fonts\resident_evil.zip
2009-12-30 20:43:33 21741 ----a-w- c:\windows\fonts\yeehaw.zip
2009-12-30 20:43:14 103446 ----a-w- c:\windows\fonts\equestrian_by_darri.zip
2009-12-30 20:42:49 51182 ----a-w- c:\windows\fonts\dj_horses_1.zip
2009-12-30 20:40:54 282423 ----a-w- c:\windows\fonts\green_piloww.zip
2009-12-30 20:38:10 175717 ----a-w- c:\windows\fonts\jellyka_castles_queen.zip
2009-12-30 20:38:03 122962 ----a-w- c:\windows\fonts\the_king_queen_font.zip
2009-12-30 20:37:53 88530 ----a-w- c:\windows\fonts\jellyka_saint_andrews_queen.zip
2009-12-30 20:37:13 64399 ----a-w- c:\windows\fonts\marathon.zip
2009-12-30 20:36:27 16574 ----a-w- c:\windows\fonts\writing_stuff.zip
2009-12-30 20:36:07 48152 ----a-w- c:\windows\fonts\kaileen.zip
2009-12-30 20:35:52 77042 ----a-w- c:\windows\fonts\journal.zip
2009-12-30 20:35:36 24766 ----a-w- c:\windows\fonts\jellyka_estrya_s_handwriting.zip
2009-12-30 20:35:23 243098 ----a-w- c:\windows\fonts\popstar_autograph.zip
2009-12-30 20:34:34 89935 ----a-w- c:\windows\fonts\bleeding_cowboys.zip
2009-12-30 20:33:31 16644 ----a-w- c:\windows\fonts\inky.zip
2009-12-30 20:33:00 36327 ----a-w- c:\windows\fonts\girls_are_weird.zip
2009-12-30 20:32:47 39205 ----a-w- c:\windows\fonts\kiss_me.zip
2009-12-30 20:32:38 178030 ----a-w- c:\windows\fonts\fancypens.zip
2009-12-30 20:31:07 234606 ----a-w- c:\windows\fonts\odstemplik.zip
2009-12-09 04:53:00 257960 ----a-w- c:\windows\fonts\Ginga.ttf
2009-12-09 04:53:00 257960 ----a-w- c:\program files\Ginga.ttf
2009-11-28 20:21:00 148896 ----a-w- c:\windows\fonts\Bleeding_Cowboys.ttf
2009-11-28 20:21:00 148896 ----a-w- c:\program files\Bleeding_Cowboys.ttf
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll
2009-10-23 10:08:00 151304 ----a-w- c:\windows\fonts\MostlyMono.ttf
2009-10-23 10:08:00 151304 ------w- c:\program files\MostlyMono.ttf
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\raschap.dll
2009-09-28 04:25:00 57068 ----a-w- c:\program files\popstarAutograph.otf
2009-09-27 12:14:00 178091 ----a-w- c:\program files\popstar.jpg
2009-09-27 11:47:00 38944 ----a-w- c:\program files\popstarAutograph.ttf
2009-09-15 18:38:00 381 ----a-w- c:\program files\USAGE.txt
2009-09-04 10:06:00 82 ------w- c:\program files\._.DS_Store
2009-09-04 10:06:00 6148 ------w- c:\program files\.DS_Store
2009-09-03 19:46:00 2712 ----a-w- c:\program files\JOEBOB graphics free trial font users license.txt
2009-06-23 17:40:00 34352 ----a-w- c:\program files\Greenbeans.ttf
2009-06-11 01:11:00 86912 ----a-w- c:\program files\DJ_horses_1.ttf
2009-05-08 22:40:00 33596 ----a-w- c:\program files\Neon.ttf
2009-04-30 00:06:19 63049904 ----a-w- c:\program files\avg_free_stf_en_85_285a1462
2009-04-01 20:41:00 16680 ----a-w- c:\program files\Comic_Andy.ttf
2009-02-27 19:26:00 177254 ----a-w- c:\program files\Flim-Flam.gif
2009-02-27 19:07:00 140576 ----a-w- c:\program files\Flim-Flam.ttf
2008-10-26 19:03:00 147604 ----a-w- c:\program files\FPENSTRIAL.ttf
2008-10-26 19:03:00 104352 ----a-w- c:\program files\FPENSTRIAL.otf
2008-08-02 05:15:00 35636 ----a-w- c:\program files\Jellyka_Estrya_Handwriting.ttf
2008-05-17 04:29:00 323352 ----a-w- c:\program files\Jellyka_Castle _s_Queen.ttf
2008-03-06 15:36:00 124079 ----a-w- c:\program files\BILLY-ARGEL-GREEN-PILOWW-3.jpg
2008-03-06 14:52:00 525436 ----a-w- c:\program files\GREENPIL.TTF
2007-10-10 13:46:00 59720 ----a-w- c:\program files\[z] Arista light.ttf
2007-10-10 13:46:00 57860 ----a-w- c:\program files\[z] Arista ExtraFilled.ttf
2007-09-24 20:59:00 57612 ----a-w- c:\program files\[z] Arista.ttf
2007-09-03 20:01:00 118920 ----a-w- c:\program files\BIRTH_OF_A_HERO.ttf
2007-07-20 22:28:00 108244 ----a-w- c:\program files\ZEBRAIRR.TTF
2007-07-19 13:53:00 118044 ----a-w- c:\program files\THE MAPLE ORIGINS.ttf
2006-12-27 02:50:00 147068 ----a-w- c:\program files\ank.ttf
2006-11-18 15:40:00 133344 ----a-w- c:\program files\BROKEN_GHOST.ttf
2005-06-04 01:28:00 59792 ------w- c:\program files\jabjai_light.TTF
2005-06-03 21:29:00 42276 ------w- c:\program files\jabjai_heavy.TTF
2005-03-12 21:21:00 9152 ----a-w- c:\program files\CHERI___.TTF
2005-03-12 21:21:00 15844 ----a-w- c:\program files\CHERL___.TTF
2004-09-19 05:31:00 35724 ----a-w- c:\program files\ALBAS___.TTF
2004-09-19 05:31:00 25232 ----a-w- c:\program files\ALBA____.TTF
2004-09-19 05:31:00 24548 ----a-w- c:\program files\ALBAM___.TTF
2004-05-04 04:17:00 78356 ----a-w- c:\program files\kaileenw.ttf
2004-02-22 22:44:00 46780 ----a-w- c:\program files\VANILLA.TTF
2001-10-25 19:11:00 34944 ----a-w- c:\program files\actionj.ttf
2001-10-08 15:35:00 115328 ------w- c:\program files\Sakabe-Animal03.ttf
1999-07-14 22:18:00 188500 ----a-w- c:\program files\Equestrian by Darrian.ttf
1998-11-26 04:39:00 14388 ----a-w- c:\program files\HONEY.TTF
1998-10-28 20:38:00 32012 ----a-w- c:\program files\YEEHAW.TTF

============= FINISH: 13:30:40.95 ===============

Attached File(s)

  • Attached File  Attach.txt (14.01K)
    Number of downloads: 3
  • Attached File  ark.txt (11.4K)
    Number of downloads: 4

This post has been edited by Jalene: 10 January 2010 - 09:11 AM

#2 User is offline   Jalene 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 35
  • Joined: 06-January 10

Posted 14 January 2010 - 11:53 AM

5 days, no assistance... does this mean there is no resolve other than wiping out the computer and reinstalling XP????

#3 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 26,080
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 15 January 2010 - 05:38 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#4 User is offline   Jalene 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 35
  • Joined: 06-January 10

Posted 15 January 2010 - 05:44 PM

Hi Myrti,
I will hook the computer up and work on it again in the morning.

I appreciate your assistance

#5 User is offline   Jalene 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 35
  • Joined: 06-January 10

Posted 16 January 2010 - 10:01 AM

OTL logfile created on: 1/16/2010 9:34:00 AM - Run 1
OTL by OldTimer - Version 3.1.25.1 Folder = C:\Documents and Settings\ELZINGA'S\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 57.00 Mb Available Physical Memory | 11.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 45.99 Gb Free Space | 61.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 38.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP
Current User Name: ELZINGA'S
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/16 09:32:52 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ELZINGA'S\Desktop\OTL.exe
PRC - [2010/01/05 07:56:02 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/08/22 01:32:54 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/05/25 08:54:12 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/25 08:54:12 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/21 21:54:18 | 00,116,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/27 18:13:44 | 00,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2007/09/17 18:59:22 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005/02/17 06:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/08/06 15:16:02 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2003/03/31 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2002/07/17 07:45:02 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2001/08/16 23:41:58 | 00,028,738 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2001/08/07 18:06:54 | 00,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
PRC - [2001/05/01 16:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe


========== Modules (SafeList) ==========

MOD - [2010/01/16 09:32:52 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ELZINGA'S\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/06 21:23:39 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/22 01:32:54 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2009/05/25 08:54:12 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/21 22:13:36 | 00,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 22:03:06 | 00,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/03/26 20:59:53 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/03 20:05:42 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/12/03 20:05:32 | 00,044,544 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2001/05/01 16:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service)


========== Driver Services (SafeList) ==========

DRV - [2010/01/06 16:16:33 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/01/05 07:56:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/02 08:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/10/28 17:37:22 | 00,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/09/13 19:27:16 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/13 19:26:35 | 00,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\ccHPx86.sys -- (ccHP)
DRV - [2009/09/13 03:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/09/13 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/09/13 03:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/13 03:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/22 01:32:55 | 00,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1007020.00B\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 01:32:55 | 00,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 01:32:55 | 00,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 01:32:55 | 00,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 01:32:55 | 00,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 01:32:55 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1007020.00B\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 01:32:55 | 00,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/08/22 01:32:55 | 00,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/22 01:32:45 | 00,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/22 01:32:45 | 00,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2008/10/28 05:31:52 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2008/10/28 05:31:52 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2008/10/28 05:31:52 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/11/02 16:57:04 | 00,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/08/28 21:48:26 | 00,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/28 21:48:26 | 00,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/01/18 13:41:58 | 00,080,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/08/06 15:16:08 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/08/04 00:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/29 17:53:33 | 00,260,224 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/07/29 17:53:33 | 00,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2004/07/29 17:53:33 | 00,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2004/07/29 17:53:33 | 00,022,777 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2004/07/29 17:53:33 | 00,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/05/28 17:53:46 | 00,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/03/31 13:29:00 | 00,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/03/31 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/07/23 09:01:38 | 00,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/07/23 09:01:34 | 00,011,935 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV11NT.sys -- (iAimFP8)
DRV - [2002/07/23 09:01:32 | 00,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2002/07/23 09:01:32 | 00,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2002/07/23 09:01:32 | 00,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2002/07/23 09:01:30 | 00,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2002/07/23 09:01:30 | 00,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/07/23 09:01:28 | 00,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2002/07/23 09:01:28 | 00,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2002/07/23 09:01:28 | 00,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2002/07/23 09:01:26 | 00,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2002/07/23 09:01:26 | 00,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2002/07/23 09:01:24 | 00,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2002/07/23 09:01:22 | 00,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2002/07/23 09:01:22 | 00,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2002/07/23 09:01:20 | 00,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/17 09:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 07:20:04 | 00,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-1035525444-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1757981266-1035525444-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1757981266-1035525444-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1757981266-1035525444-725345543-1004\S-1-5-21-1757981266-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/24 13:09:41 | 00,000,000 | ---D | M]


O1 HOSTS File: (936 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1757981266-1035525444-725345543-1004\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1757981266-1035525444-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
O4 - HKU\S-1-5-21-1757981266-1035525444-725345543-1004..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe File not found
O4 - HKU\S-1-5-21-1757981266-1035525444-725345543-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1757981266-1035525444-725345543-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1757981266-1035525444-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1757981266-1035525444-725345543-1004..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O4 - Startup: C:\Documents and Settings\ELZINGA'S\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1757981266-1035525444-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1757981266-1035525444-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-1757981266-1035525444-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = Reg Error: Unknown registry data type File not found
O7 - HKU\S-1-5-21-1757981266-1035525444-725345543-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1233358764046 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8197.5300115741 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ELZINGA'S\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/07/29 14:07:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/06/01 02:09:00 | 00,000,051 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/16 09:32:45 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ELZINGA'S\Desktop\OTL.exe
[2010/01/09 13:23:53 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\ELZINGA'S\Desktop\RootRepeal.exe
[2010/01/08 13:24:03 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/01/08 05:07:27 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/08 05:07:17 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 19:36:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ELZINGA'S\My Documents\My Downloads
[2010/01/07 12:04:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/07 12:03:50 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/07 12:03:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ELZINGA'S\Application Data\SUPERAntiSpyware.com
[2010/01/07 12:01:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/07 11:58:03 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\ELZINGA'S\Desktop\ATF-Cleaner.exe
[2010/01/07 05:02:28 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/06 21:25:14 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/01/06 21:17:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/06 21:16:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/01/06 16:16:33 | 00,017,801 | ---- | C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2010/01/06 16:16:28 | 00,017,992 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\bcm42rly.sys
[2010/01/06 16:16:28 | 00,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.sys
[2010/01/06 16:16:24 | 01,396,831 | ---- | C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\AegisE5.dll
[2010/01/06 16:16:09 | 00,000,000 | ---D | C] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
[2010/01/04 06:27:53 | 00,282,624 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPZc3212.dll
[2010/01/03 17:01:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ELZINGA'S\Application Data\Malwarebytes
[2010/01/03 17:00:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/03 17:00:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/25 11:45:06 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/12/24 19:17:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ELZINGA'S\Local Settings\Application Data\HP
[2009/12/24 13:52:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ELZINGA'S\Application Data\HPAppData
[2009/12/24 13:51:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2009/12/24 13:14:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ELZINGA'S\Application Data\HP
[2009/12/24 13:13:07 | 00,016,496 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZipr12.sys
[2009/12/24 13:12:58 | 00,049,920 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZid412.sys
[2009/12/24 13:12:33 | 00,121,344 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpf3l083.dll
[2009/12/24 13:12:30 | 00,271,704 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2009/12/24 13:12:08 | 00,021,568 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZius12.sys
[2009/12/24 13:11:27 | 00,372,736 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2009/12/24 13:11:27 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2009/12/24 13:11:26 | 00,974,848 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpost_p02b.dll
[2009/12/24 13:11:26 | 00,737,280 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hposwia_p02b.dll
[2009/12/24 13:11:26 | 00,307,200 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hposc_p02a.dll
[2009/12/24 13:10:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ELZINGA'S\Application Data\Yahoo!
[2009/12/24 13:03:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2009/12/24 13:01:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2009/12/24 12:59:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/12/24 12:59:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2009/12/24 12:57:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/12/24 12:57:17 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/12/24 12:57:02 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/12/24 12:56:21 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2009/12/24 12:53:19 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009/12/20 12:53:17 | 00,188,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Wingde.dll
[2009/12/20 12:53:17 | 00,092,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Wing.dll
[2009/12/20 12:53:17 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Wing32.dll
[2009/12/20 12:53:17 | 00,006,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Wingdib.drv
[2009/12/20 12:53:17 | 00,005,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Wingpal.wnd
[2009/07/22 13:46:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/30 18:25:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/29 20:05:52 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/29 20:05:52 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/29 19:06:18 | 63,049,904 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_285a1462
[2008/11/08 08:47:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/11/08 08:47:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2005/09/04 11:43:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/16 09:32:52 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ELZINGA'S\Desktop\OTL.exe
[2010/01/16 09:32:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/16 09:16:58 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/16 09:16:52 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/16 09:16:44 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/16 09:16:39 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/16 09:13:08 | 00,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/01/16 09:05:42 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/16 09:05:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/16 09:04:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/16 09:04:40 | 53,537,9968 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/16 08:47:20 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/09 17:51:40 | 06,029,312 | ---- | M] () -- C:\Documents and Settings\ELZINGA'S\ntuser.dat
[2010/01/09 17:51:40 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\ELZINGA'S\ntuser.ini
[2010/01/09 13:32:48 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\ELZINGA'S\Desktop\settings.dat
[2010/01/09 13:23:57 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\ELZINGA'S\Desktop\RootRepeal.exe
[2010/01/09 13:17:25 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\ELZINGA'S\Desktop\dds.scr
[2010/01/08 05:07:32 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 12:04:19 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/07 12:00:18 | 07,520,288 | ---- | M] () -- C:\Documents and Settings\ELZINGA'S\Desktop\SUPERAntiSpyware.exe
[2010/01/07 11:58:04 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\ELZINGA'S\Desktop\ATF-Cleaner.exe
[2010/01/07 05:30:33 | 00,000,189 | ---- | M] () -- C:\Documents and Settings\ELZINGA'S\Desktop\ATT.NET - Email, News, Sports, Entertainment and Games.url
[2010/01/06 21:17:20 | 00,000,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/06 18:00:06 | 00,000,936 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/06 18:00:05 | 00,001,048 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100106-180005.backup
[2010/01/06 18:00:03 | 00,001,291 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100106-180003.backup
[2010/01/06 18:00:03 | 00,001,257 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100106-180004.backup
[2010/01/06 16:42:31 | 00,000,939 | ---- | M] () -- C:\Documents and Settings\ELZINGA'S\Desktop\Spybot - Search & Destroy.lnk
[2010/01/06 16:16:33 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2010/01/06 16:02:03 | 00,001,383 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2010/01/06 12:53:51 | 05,866,902 | -H-- | M] () -- C:\Documents and Settings\ELZINGA'S\Local Settings\Application Data\IconCache.db
[2010/01/03 16:29:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/01/03 16:09:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010/01/03 15:49:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/03 15:29:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/03 15:09:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/03 13:10:41 | 00,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/03 13:10:41 | 00,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/03 13:10:40 | 00,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/02 11:19:41 | 00,043,384 | ---- | M] () -- C:\Documents and Settings\ELZINGA'S\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/02 09:58:05 | 00,163,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/01 17:48:55 | 00,736,123 | ---- | M] () -- C:\Documents and Settings\ELZINGA'S\.recently-used.xbel
[2010/01/01 16:46:50 | 00,070,497 | ---- | M] () -- C:\Program Files\zebra.zip
[2010/01/01 12:53:12 | 00,178,030 | ---- | M] () -- C:\Program Files\fancypens.zip
[2009/12/31 13:29:16 | 00,243,098 | ---- | M] () -- C:\Program Files\popstar_autograph.zip
[2009/12/31 10:35:10 | 00,175,717 | ---- | M] () -- C:\Program Files\jellyka_castles_queen.zip
[2009/12/31 10:33:14 | 00,652,636 | ---- | M] () -- C:\Program Files\ginga.zip
[2009/12/31 10:26:48 | 00,079,738 | ---- | M] () -- C:\Program Files\broken_ghost.zip
[2009/12/31 10:25:19 | 00,090,604 | ---- | M] () -- C:\Program Files\the_maple_origins.zip
[2009/12/31 10:24:47 | 00,092,040 | ---- | M] () -- C:\Program Files\_ank.zip
[2009/12/31 10:24:08 | 00,060,328 | ---- | M] () -- C:\Program Files\birth_of_a_hero.zip
[2009/12/31 10:21:19 | 00,103,638 | ---- | M] () -- C:\Program Files\neon_nvb.zip
[2009/12/31 10:19:58 | 00,086,458 | ---- | M] () -- C:\Program Files\arista.zip
[2009/12/31 10:18:31 | 00,084,474 | ---- | M] () -- C:\Program Files\alba.zip
[2009/12/31 10:17:04 | 00,008,522 | ---- | M] () -- C:\Program Files\comic_andy.zip
[2009/12/31 10:15:14 | 00,011,919 | ---- | M] () -- C:\Program Files\honey_i_stole_your_.zip
[2009/12/31 10:07:58 | 00,048,152 | ---- | M] () -- C:\Program Files\kaileen.zip
[2009/12/31 10:06:28 | 00,024,766 | ---- | M] () -- C:\Program Files\jellyka_estrya_s_handwriting.zip
[2009/12/31 10:03:42 | 00,103,446 | ---- | M] () -- C:\Program Files\equestrian_by_darri.zip
[2009/12/31 10:03:22 | 00,021,741 | ---- | M] () -- C:\Program Files\yeehaw.zip
[2009/12/31 10:03:15 | 00,074,185 | ---- | M] () -- C:\Program Files\sakabe_animal_03.zip
[2009/12/31 10:02:55 | 00,051,182 | ---- | M] () -- C:\Program Files\dj_horses_1.zip
[2009/12/31 09:59:10 | 00,019,893 | ---- | M] () -- C:\Program Files\greenbeans.zip
[2009/12/31 09:57:11 | 00,275,652 | ---- | M] () -- C:\Program Files\flim_flam.zip
[2009/12/31 09:56:55 | 00,050,308 | ---- | M] () -- C:\Program Files\jabjai.zip
[2009/12/31 09:56:31 | 00,021,724 | ---- | M] () -- C:\Program Files\action_jackson.zip
[2009/12/31 09:56:22 | 00,284,771 | ---- | M] () -- C:\Program Files\green_piloww.zip
[2009/12/31 09:56:14 | 00,058,474 | ---- | M] () -- C:\Program Files\cheri.zip
[2009/12/31 09:53:23 | 00,024,399 | ---- | M] () -- C:\Program Files\vanilla_whale.zip
[2009/12/31 09:52:09 | 00,089,935 | ---- | M] () -- C:\Program Files\bleeding_cowboys.zip
[2009/12/31 09:48:55 | 00,070,468 | ---- | M] () -- C:\Program Files\Mostly_Mono.zip
[2009/12/24 13:51:45 | 00,164,059 | ---- | M] () -- C:\WINDOWS\hpoins36.dat
[2009/12/24 13:14:13 | 00,000,684 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/24 13:04:47 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2009/12/24 13:03:46 | 00,001,024 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/12/24 13:02:21 | 00,001,814 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/12/24 13:01:04 | 00,001,991 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Photo Gallery.lnk
[2009/12/21 23:09:36 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\ELZINGA'S\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/20 12:53:40 | 00,000,974 | ---- | M] () -- C:\WINDOWS\EReg077.dat
[2009/12/20 12:53:25 | 00,000,249 | ---- | M] () -- C:\WINDOWS\TLCAPPS.INI
[2009/12/20 11:57:10 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\ELZINGA'S\My Documents\July.wps
[2009/12/20 11:47:36 | 00,152,064 | ---- | M] () -- C:\Documents and Settings\ELZINGA'S\My Documents\January.wps
[2009/12/19 10:22:05 | 00,000,305 | ---- | M] () -- C:\WINDOWS\ka.ini
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/16 09:16:57 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/09 13:32:48 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\ELZINGA'S\Desktop\settings.dat
[2010/01/09 13:13:52 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\ELZINGA'S\Desktop\dds.scr
[2010/01/08 10:24:05 | 53,537,9968 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/08 05:07:32 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/07 12:04:19 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/07 12:00:17 | 07,520,288 | ---- | C] () -- C:\Documents and Settings\ELZINGA'S\Desktop\SUPERAntiSpyware.exe
[2010/01/07 04:49:46 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/01/06 21:27:15 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/06 21:27:15 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/06 21:27:15 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/06 21:27:15 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/06 21:17:20 | 00,000,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/06 16:42:31 | 00,000,939 | ---- | C] () -- C:\Documents and Settings\ELZINGA'S\Desktop\Spybot - Search & Destroy.lnk
[2010/01/06 16:16:28 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/01/06 16:16:28 | 00,007,423 | ---- | C] () -- C:\WINDOWS\System32\WUSB54GSv2.cat
[2010/01/06 16:16:28 | 00,007,419 | ---- | C] () -- C:\WINDOWS\System32\WUSB54GS.cat
[2010/01/06 16:16:27 | 00,031,930 | ---- | C] () -- C:\WINDOWS\System32\GTNDIS3.VXD
[2010/01/06 16:16:24 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/01/06 16:16:24 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/01/06 09:44:48 | 00,000,189 | ---- | C] () -- C:\Documents and Settings\ELZINGA'S\Desktop\ATT.NET - Email, News, Sports, Entertainment and Games.url
[2010/01/03 16:29:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/01/03 16:09:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/01/03 13:06:37 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/01/03 12:36:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/01/03 12:16:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/01/02 10:33:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/01 17:48:54 | 00,736,123 | ---- | C] () -- C:\Documents and Settings\ELZINGA'S\.recently-used.xbel
[2010/01/01 16:47:39 | 00,108,244 | ---- | C] () -- C:\Program Files\ZEBRAIRR.TTF
[2010/01/01 16:46:49 | 00,070,497 | ---- | C] () -- C:\Program Files\zebra.zip
[2010/01/01 12:53:30 | 00,147,604 | ---- | C] () -- C:\Program Files\FPENSTRIAL.ttf
[2010/01/01 12:53:30 | 00,002,712 | ---- | C] () -- C:\Program Files\JOEBOB graphics free trial font users license.txt
[2010/01/01 12:53:29 | 00,104,352 | ---- | C] () -- C:\Program Files\FPENSTRIAL.otf
[2010/01/01 12:53:10 | 00,178,030 | ---- | C] () -- C:\Program Files\fancypens.zip
[2009/12/31 13:29:38 | 00,000,381 | ---- | C] () -- C:\Program Files\USAGE.txt
[2009/12/31 13:29:37 | 00,057,068 | ---- | C] () -- C:\Program Files\popstarAutograph.otf
[2009/12/31 13:29:37 | 00,038,944 | ---- | C] () -- C:\Program Files\popstarAutograph.ttf
[2009/12/31 13:29:36 | 00,178,091 | ---- | C] () -- C:\Program Files\popstar.jpg
[2009/12/31 13:17:38 | 00,243,098 | ---- | C] () -- C:\Program Files\popstar_autograph.zip
[2009/12/31 10:35:21 | 00,323,352 | ---- | C] () -- C:\Program Files\Jellyka_Castle _s_Queen.ttf
[2009/12/31 10:35:09 | 00,175,717 | ---- | C] () -- C:\Program Files\jellyka_castles_queen.zip
[2009/12/31 10:33:27 | 00,257,960 | ---- | C] () -- C:\Program Files\Ginga.ttf
[2009/12/31 10:33:01 | 00,652,636 | ---- | C] () -- C:\Program Files\ginga.zip
[2009/12/31 10:26:59 | 00,133,344 | ---- | C] () -- C:\Program Files\BROKEN_GHOST.ttf
[2009/12/31 10:26:48 | 00,079,738 | ---- | C] () -- C:\Program Files\broken_ghost.zip
[2009/12/31 10:25:31 | 00,118,044 | ---- | C] () -- C:\Program Files\THE MAPLE ORIGINS.ttf
[2009/12/31 10:25:19 | 00,090,604 | ---- | C] () -- C:\Program Files\the_maple_origins.zip
[2009/12/31 10:24:58 | 00,147,068 | ---- | C] () -- C:\Program Files\ank.ttf
[2009/12/31 10:24:47 | 00,092,040 | ---- | C] () -- C:\Program Files\_ank.zip
[2009/12/31 10:24:22 | 00,118,920 | ---- | C] () -- C:\Program Files\BIRTH_OF_A_HERO.ttf
[2009/12/31 10:24:08 | 00,060,328 | ---- | C] () -- C:\Program Files\birth_of_a_hero.zip
[2009/12/31 10:21:34 | 00,033,596 | ---- | C] () -- C:\Program Files\Neon.ttf
[2009/12/31 10:21:18 | 00,103,638 | ---- | C] () -- C:\Program Files\neon_nvb.zip
[2009/12/31 10:20:12 | 00,059,720 | ---- | C] () -- C:\Program Files\[z] Arista light.ttf
[2009/12/31 10:20:12 | 00,057,860 | ---- | C] () -- C:\Program Files\[z] Arista ExtraFilled.ttf
[2009/12/31 10:20:12 | 00,057,612 | ---- | C] () -- C:\Program Files\[z] Arista.ttf
[2009/12/31 10:19:58 | 00,086,458 | ---- | C] () -- C:\Program Files\arista.zip
[2009/12/31 10:18:48 | 00,035,724 | ---- | C] () -- C:\Program Files\ALBAS___.TTF
[2009/12/31 10:18:48 | 00,024,548 | ---- | C] () -- C:\Program Files\ALBAM___.TTF
[2009/12/31 10:18:47 | 00,025,232 | ---- | C] () -- C:\Program Files\ALBA____.TTF
[2009/12/31 10:18:31 | 00,084,474 | ---- | C] () -- C:\Program Files\alba.zip
[2009/12/31 10:17:24 | 00,016,680 | ---- | C] () -- C:\Program Files\Comic_Andy.ttf
[2009/12/31 10:17:04 | 00,008,522 | ---- | C] () -- C:\Program Files\comic_andy.zip
[2009/12/31 10:15:28 | 00,014,388 | ---- | C] () -- C:\Program Files\HONEY.TTF
[2009/12/31 10:15:14 | 00,011,919 | ---- | C] () -- C:\Program Files\honey_i_stole_your_.zip
[2009/12/31 10:08:10 | 00,078,356 | ---- | C] () -- C:\Program Files\kaileenw.ttf
[2009/12/31 10:07:58 | 00,048,152 | ---- | C] () -- C:\Program Files\kaileen.zip
[2009/12/31 10:06:59 | 00,035,636 | ---- | C] () -- C:\Program Files\Jellyka_Estrya_Handwriting.ttf
[2009/12/31 10:06:44 | 00,086,912 | ---- | C] () -- C:\Program Files\DJ_horses_1.ttf
[2009/12/31 10:06:28 | 00,024,766 | ---- | C] () -- C:\Program Files\jellyka_estrya_s_handwriting.zip
[2009/12/31 10:04:40 | 00,115,328 | ---- | C] () -- C:\Program Files\Sakabe-Animal03.ttf
[2009/12/31 10:04:28 | 00,188,500 | ---- | C] () -- C:\Program Files\Equestrian by Darrian.ttf
[2009/12/31 10:04:05 | 00,032,012 | ---- | C] () -- C:\Program Files\YEEHAW.TTF
[2009/12/31 10:03:42 | 00,103,446 | ---- | C] () -- C:\Program Files\equestrian_by_darri.zip
[2009/12/31 10:03:21 | 00,021,741 | ---- | C] () -- C:\Program Files\yeehaw.zip
[2009/12/31 10:03:15 | 00,074,185 | ---- | C] () -- C:\Program Files\sakabe_animal_03.zip
[2009/12/31 10:02:54 | 00,051,182 | ---- | C] () -- C:\Program Files\dj_horses_1.zip
[2009/12/31 10:00:39 | 00,034,352 | ---- | C] () -- C:\Program Files\Greenbeans.ttf
[2009/12/31 10:00:26 | 00,177,254 | ---- | C] () -- C:\Program Files\Flim-Flam.gif
[2009/12/31 10:00:26 | 00,140,576 | ---- | C] () -- C:\Program Files\Flim-Flam.ttf
[2009/12/31 10:00:14 | 00,059,792 | ---- | C] () -- C:\Program Files\jabjai_light.TTF
[2009/12/31 10:00:14 | 00,042,276 | ---- | C] () -- C:\Program Files\jabjai_heavy.TTF
[2009/12/31 10:00:04 | 00,034,944 | ---- | C] () -- C:\Program Files\actionj.ttf
[2009/12/31 09:59:47 | 00,525,436 | ---- | C] () -- C:\Program Files\GREENPIL.TTF
[2009/12/31 09:59:46 | 00,124,079 | ---- | C] () -- C:\Program Files\BILLY-ARGEL-GREEN-PILOWW-3.jpg
[2009/12/31 09:59:26 | 00,015,844 | ---- | C] () -- C:\Program Files\CHERL___.TTF
[2009/12/31 09:59:26 | 00,009,152 | ---- | C] () -- C:\Program Files\CHERI___.TTF
[2009/12/31 09:59:10 | 00,019,893 | ---- | C] () -- C:\Program Files\greenbeans.zip
[2009/12/31 09:57:08 | 00,275,652 | ---- | C] () -- C:\Program Files\flim_flam.zip
[2009/12/31 09:56:55 | 00,050,308 | ---- | C] () -- C:\Program Files\jabjai.zip
[2009/12/31 09:56:31 | 00,021,724 | ---- | C] () -- C:\Program Files\action_jackson.zip
[2009/12/31 09:56:18 | 00,284,771 | ---- | C] () -- C:\Program Files\green_piloww.zip
[2009/12/31 09:56:14 | 00,058,474 | ---- | C] () -- C:\Program Files\cheri.zip
[2009/12/31 09:53:37 | 00,046,780 | ---- | C] () -- C:\Program Files\VANILLA.TTF
[2009/12/31 09:53:23 | 00,024,399 | ---- | C] () -- C:\Program Files\vanilla_whale.zip
[2009/12/31 09:52:24 | 00,148,896 | ---- | C] () -- C:\Program Files\Bleeding_Cowboys.ttf
[2009/12/31 09:52:09 | 00,089,935 | ---- | C] () -- C:\Program Files\bleeding_cowboys.zip
[2009/12/31 09:49:12 | 00,151,304 | ---- | C] () -- C:\Program Files\MostlyMono.ttf
[2009/12/31 09:49:11 | 00,006,148 | ---- | C] () -- C:\Program Files\.DS_Store
[2009/12/31 09:49:11 | 00,000,082 | ---- | C] () -- C:\Program Files\._.DS_Store
[2009/12/31 09:48:55 | 00,070,468 | ---- | C] () -- C:\Program Files\Mostly_Mono.zip
[2009/12/24 13:04:47 | 00,000,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2009/12/24 13:03:46 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/12/24 13:02:21 | 00,001,814 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/12/24 13:01:04 | 00,001,991 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Photo Gallery.lnk
[2009/12/24 12:48:24 | 00,001,143 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/12/24 12:48:22 | 00,164,059 | ---- | C] () -- C:\WINDOWS\hpoins36.dat
[2009/12/24 12:48:22 | 00,000,652 | ---- | C] () -- C:\WINDOWS\hpomdl36.dat
[2009/12/20 11:52:33 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\ELZINGA'S\My Documents\July.wps
[2009/12/20 11:47:36 | 00,152,064 | ---- | C] () -- C:\Documents and Settings\ELZINGA'S\My Documents\January.wps
[2009/10/09 20:13:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2009/03/14 13:44:28 | 00,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/07/16 09:51:46 | 00,000,043 | ---- | C] () -- C:\WINDOWS\spookydisplay.ini
[2007/08/11 08:42:06 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/09 12:12:13 | 00,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/09 12:07:25 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/12/14 07:07:09 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2006/12/14 07:06:46 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2006/12/14 07:06:44 | 00,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2006/09/25 00:20:50 | 00,000,899 | ---- | C] () -- C:\WINDOWS\MYSTERY.INI
[2006/09/24 23:54:10 | 00,000,157 | ---- | C] () -- C:\WINDOWS\XmasSlot.ini
[2006/09/24 23:43:58 | 00,000,200 | ---- | C] () -- C:\WINDOWS\WBKENO.INI
[2006/09/02 22:34:50 | 00,000,125 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/09/02 22:34:32 | 00,000,170 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2006/06/20 20:48:38 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\ELZINGA'S\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/19 21:53:55 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/06/19 20:37:36 | 00,000,404 | ---- | C] () -- C:\WINDOWS\2XStars.ini
[2006/06/19 20:36:36 | 00,000,436 | ---- | C] () -- C:\WINDOWS\Win95dll.ini
[2006/06/16 18:28:00 | 00,000,340 | ---- | C] () -- C:\WINDOWS\mswgidll.ini
[2006/06/15 20:49:35 | 00,000,027 | ---- | C] () -- C:\WINDOWS\Arcade.ini
[2006/06/15 20:39:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Totrecal.INI
[2006/06/15 20:14:14 | 00,000,892 | ---- | C] () -- C:\WINDOWS\8BALL.INI
[2006/06/14 22:23:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Solcon.INI
[2006/06/14 17:54:00 | 00,001,168 | ---- | C] () -- C:\WINDOWS\msvxdll.ini
[2006/06/14 16:23:03 | 00,000,027 | ---- | C] () -- C:\WINDOWS\Botz.ini
[2006/06/14 16:19:44 | 00,000,371 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2006/06/14 16:19:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Gamchest.INI
[2006/06/14 16:17:00 | 00,000,099 | ---- | C] () -- C:\WINDOWS\Ultisoft.ini
[2006/06/14 16:17:00 | 00,000,009 | ---- | C] () -- C:\WINDOWS\Collida.ini
[2006/06/14 16:17:00 | 00,000,009 | ---- | C] () -- C:\WINDOWS\Brick.ini
[2005/08/26 10:23:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
[2005/05/29 08:18:57 | 00,000,035 | ---- | C] () -- C:\WINDOWS\LAAnimal.ini
[2005/03/22 19:44:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/12/27 07:04:25 | 00,000,050 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/11/05 17:02:35 | 00,000,382 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/09/26 07:32:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/09/26 07:32:28 | 00,000,085 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2004/09/12 16:56:24 | 00,000,249 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004/09/06 15:18:01 | 00,000,298 | ---- | C] () -- C:\WINDOWS\Chutes.ini
[2004/08/28 10:20:32 | 00,002,326 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/08/23 19:51:07 | 00,001,408 | ---- | C] () -- C:\WINDOWS\wmuncher.ini
[2004/08/20 17:53:27 | 00,000,305 | ---- | C] () -- C:\WINDOWS\ka.ini
[2004/08/20 11:50:48 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004/08/20 11:47:15 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/08/06 15:42:25 | 00,000,027 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/08/06 15:42:25 | 00,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/07/29 14:40:38 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
< End of report >


OTL Extras logfile created on: 1/16/2010 9:34:00 AM - Run 1
OTL by OldTimer - Version 3.1.25.1 Folder = C:\Documents and Settings\ELZINGA'S\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 57.00 Mb Available Physical Memory | 11.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 45.99 Gb Free Space | 61.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 38.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP
Current User Name: ELZINGA'S
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9999:TCP" = 9999:TCP:LocalSubNet:Enabled:DNA
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 7.0\waol.exe" = C:\Program Files\America Online 7.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1798227A-AA89-4C78-AF55-56A38E654788}" = Belkin F5D5000 Desktop PCI Card Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{52739DCE-5B87-42AB-B232-F21990B3E2B0}" = Competitions at Rosemond Hill
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 810/810E/815/815E/815EM Chipset Graphics Driver Software
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A4D6DDE3-31D5-4DD7-BD49-6A184AE619A8}" = The Diamond Mystery in Rosemond Valley
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DB299A0A-69B8-4DD2-BB76-A17CF14CE649}" = Lets Ride Corral Club
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F9B41170-7E44-480A-AD4A-CCD8FFFB3754}" = Master of the Skies - The Red Ace
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"Barbie™ Horse Adventures™" = Barbie™ Horse Adventures™
"BroadJump Client Foundation" = BroadJump Client Foundation
"Championship Bass" = Championship Bass
"Deer Hunt Challenge SE" = Deer Hunt Challenge SE
"ESET Online Scanner" = ESET Online Scanner v3
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IETChutesDKey" = Chutes and Ladders
"igLoader" = igLoader
"Indeo® software" = Indeo® software
"InstallShield_{DB299A0A-69B8-4DD2-BB76-A17CF14CE649}" = Lets Ride Corral Club
"InterActual Player" = InterActual Player
"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MathRock" = Schoolhouse Rock: Math Rock
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"Network Play System" = EA Network Play System
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickTime" = QuickTime
"Read6932.exe" = Reader Rabbit's Reading Ages 6-9
"RealPlayer 6.0" = RealPlayer Basic
"rrm69_32.exe" = Reader Rabbit's Math Ages 6-9
"Scholastic's I SPY Spooky Mansion" = Scholastic's I SPY Spooky Mansion
"SereneScreen Marine Aquarium 2_is1" = SereneScreen Marine Aquarium 2
"Shop for HP Supplies" = Shop for HP Supplies
"SHRThinkingGames" = Schoolhouse Rock Thinking Games
"ST5UNST #1" = PD Particles
"The Legacy of Rosemond Hill" = The Legacy of Rosemond Hill
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.6
"WMDXCD10" = Word Munchers Deluxe
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works and Money 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/6/2010 10:54:36 PM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/6/2010 10:56:16 PM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/6/2010 10:57:00 PM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2010 12:40:42 AM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2010 12:41:18 AM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2010 12:42:21 AM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2010 1:48:40 AM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 1/9/2010 10:30:11 AM | Computer Name = HP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 1/16/2010 10:03:11 AM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module imagehlp.dll, version 5.1.2600.5512, fault address 0x00004654.

Error - 1/16/2010 10:29:04 AM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 130.0.376.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

[ System Events ]
Error - 1/9/2010 2:10:19 PM | Computer Name = HP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 1/9/2010 4:05:22 PM | Computer Name = HP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/9/2010 4:05:22 PM | Computer Name = HP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/16/2010 9:47:34 AM | Computer Name = HP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/16/2010 9:47:34 AM | Computer Name = HP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/16/2010 9:54:17 AM | Computer Name = HP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 1/16/2010 10:05:11 AM | Computer Name = HP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/16/2010 10:05:11 AM | Computer Name = HP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/16/2010 10:32:30 AM | Computer Name = HP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service
service to connect.

Error - 1/16/2010 10:32:30 AM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%1053


< End of report >

#6 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 26,080
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 16 January 2010 - 10:42 AM

Hi,

please also run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#7 User is offline   Jalene 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 35
  • Joined: 06-January 10

Posted 16 January 2010 - 11:42 AM

Working on it... The computer keeps freezing. I think I have the log but may need to reboot to access it since the computer froze again...

Thanks,
Jalene

#8 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 26,080
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 16 January 2010 - 12:03 PM

Hi,

please try running it in safe mode if you can't get it to work in normal mode. If that doesn't work let me know and we will find another way.

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#9 User is offline   Jalene 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 35
  • Joined: 06-January 10

Posted 16 January 2010 - 12:42 PM

It freezes everytime it gets to C:\WINDOWS\system32\drivers\atapi.sys

and when the first scan runs, before I click the SCAN button, it says suspicious modification about the very same item.

I need to reboot again as the scan locked up. The GMER program does not show up to run in safe mode.


#10 User is offline   Jalene 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 35
  • Joined: 06-January 10

Posted 16 January 2010 - 12:50 PM

Here is the last line from the first scan, from as soon as GMER starts:

C:\WINDOWS\system32\drivers\atapi.sys suspicious modification


#11 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 26,080
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 16 January 2010 - 12:51 PM

Hi,

I suspected as much. If you can not get gmer to run, then please run mbr instead:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#12 User is offline   Jalene 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 35
  • Joined: 06-January 10

Posted 16 January 2010 - 01:25 PM

Hi myrti, I may need more direction...

I clicked to download mbr and saved it to the c drive. Then I continued on with your instructions, the reply I get is 'c:\mbr.exe-t' is not recognized as an internal or external command, operable program or batch file.

I must be making a mistake in how I am doing this...

Please advise

P.S. Yes, the C drive is the main drive...

This post has been edited by Jalene: 16 January 2010 - 01:27 PM

#13 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 26,080
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 16 January 2010 - 01:58 PM

Hi,

you need to leave a blank between C:\mbr.exe and -t. If the command is successful, you will find a log called mbr.log in C:\, please post its content. The log does not open on its own.

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#14 User is offline   Jalene 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 35
  • Joined: 06-January 10

Posted 16 January 2010 - 02:07 PM

Ok, Thank you. Here is the log...


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82AED841]<<
kernel: MBR read successfully
user & kernel MBR OK

#15 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 26,080
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 16 January 2010 - 04:36 PM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

Share this topic:


  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users