cmd.exe net.exe net1.exe multiple copies running


  • This topic is locked
16 replies to this topic

#1 mboensch

mboensch

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:00 PM

Posted 13 January 2010 - 03:43 PM

I am not sure what is happening. Multiple copies of cmd.exe, net.exe and net1.exe keep popping up and running more copies.

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:52 PM, on 1/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IDrive\IDriveWebM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Ditto\Ditto.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\IDrive\IDriveEBackground.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\ASUS\AASP\1.00.78\aaCenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Program Files\IDrive\IDriveE Service.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: 69.253.151.209 idenupdate.motorola.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: (no name) - {42BD52D4-B29D-4E31-9EEF-A96F5404A447} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {cb13b07d-c73d-45d4-8282-6a186dcd131e} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HPWU_MPM_Agent] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IHTWINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDrive\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
O4 - Startup: IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1896F800-6EFB-422F-A04B-AA7D44D9A4A9} (Netvisiondvr Control) - http://70.43.179.86/WebClient.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} (Remote200 Control) - http://70.43.179.87/RemoteWeb.cab
O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} (CViewerControl Object) - http://70.43.179.87/VideoViewer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1254530975031
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://cam01.msutoday.msu.edu/activex/AMC.cab
O16 - DPF: {E87A4CD6-BA5F-4552-BC4F-8EC240A2755C} (WebRecClient Control) - http://70.43.179.84/webrec.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtsQHxv - C:\WINDOWS\
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate1c9e913f9a4d730) (gupdate1c9e913f9a4d730) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDrive\IDriveE Service.exe
O23 - Service: IDrivePlugin - Pro-Softnet - C:\Program Files\IDrive\IDriveWebM.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

--
End of file - 15829 bytes
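The pattern in the log above (repeated cmd.exe, net.exe, net1.exe entries, a hosts-file override and a Winlogon Notify entry that points at a bare directory instead of a DLL) can be pulled out of a HijackThis log mechanically. The script below is an added triage example, not part of this post or of HijackThis; the sample log is a constructed excerpt of the log above, and the allowlist of images that legitimately run as several instances is an assumption. Since net.exe hands most of its work to net1.exe, each consecutive cmd.exe, net.exe, net1.exe triple corresponds to one net command in flight.

```python
"""Triage a HijackThis log: count running images, find repeated
cmd/net/net1 chains and flag a few entry types worth a closer look.
Added example; the sample log is a constructed excerpt of a real post."""
import re
from collections import Counter

# Constructed excerpt of the HijackThis log quoted in the post above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 69.253.151.209 idenupdate.motorola.com
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O20 - Winlogon Notify: awtsQHxv - C:\WINDOWS\
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
"""

# Images Windows runs as several instances by design (assumption: extend per host).
MULTI_INSTANCE_OK = {"svchost.exe"}

# The chain the original poster saw repeating in Task Manager.
CMD_NET_CHAIN = ("cmd.exe", "net.exe", "net1.exe")

# HijackThis entry lines look like "R1 - ...", "O20 - ...", "F2 - ...", "N1 - ...".
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - ")


def parse_sections(log_text):
    """Return (running process paths, Rx/Fx/Nx/Oxx entry lines) from an HJT log."""
    processes, entries = [], []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # blank line ends the process list
                in_procs = False
                continue
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return processes, entries


def image_name(path):
    """Lower-cased file name of a Windows path (System32 vs system32 etc. collapse)."""
    return path.rsplit("\\", 1)[-1].lower()


def unexpected_duplicates(processes, ceiling=1):
    """Images running more than `ceiling` times that are not on the allowlist."""
    counts = Counter(image_name(p) for p in processes)
    return {img: n for img, n in counts.items()
            if n > ceiling and img not in MULTI_INSTANCE_OK}


def count_chains(processes, chain=CMD_NET_CHAIN):
    """How many times `chain` appears as consecutive entries in the process list."""
    names = [image_name(p) for p in processes]
    k = len(chain)
    return sum(1 for i in range(len(names) - k + 1) if tuple(names[i:i + k]) == chain)


def suspicious_entries(entries):
    """Flag hosts-file overrides and Winlogon Notify values that do not name a DLL."""
    flags = []
    for entry in entries:
        if entry.startswith("O1 - Hosts:"):
            flags.append(("hosts-override", entry))
        elif entry.startswith("O20 - Winlogon Notify:"):
            target = entry.rsplit(" - ", 1)[-1]
            if not target.lower().endswith(".dll"):
                flags.append(("winlogon-notify-no-dll", entry))
    return flags


def triage(log_text):
    """Summarise one HJT log as a dict a helper can scan at a glance."""
    processes, entries = parse_sections(log_text)
    return {
        "process_count": len(processes),
        "duplicates": unexpected_duplicates(processes),
        "cmd_net_chains": count_chains(processes),
        "flags": suspicious_entries(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```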



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:00 PM

Posted 13 January 2010 - 07:57 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 mboensch

mboensch
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:00 PM

Posted 14 January 2010 - 12:14 AM

I ran Malwarebytes' Anti-Malware earlier in the day and here is what it came up with:

Malwarebytes' Anti-Malware 1.44
Database version: 3555
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/13/2010 2:39:45 PM
mbam-log-2010-01-13 (14-39-45).txt

Scan type: Quick Scan
Objects scanned: 115331
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.


OTL logfile created on: 1/14/2010 12:03:20 AM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Michael Boensch\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 6.63 Gb Free Space | 22.64% Space Free | Partition Type: NTFS
Drive D: | 85.20 Gb Total Space | 53.16 Gb Free Space | 62.40% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 233.76 Gb Total Space | 116.60 Gb Free Space | 49.88% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 389.74 Gb Free Space | 83.68% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: TOWER
Current User Name: Michael Boensch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/13 23:47:52 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Boensch\Desktop\OTL.exe
PRC - [2010/01/10 12:43:45 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2010/01/10 12:43:44 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/22 12:41:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/22 15:44:16 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/11/03 11:42:39 | 00,123,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.247\SymcPCCULaunchSvc.exe
PRC - [2009/10/23 14:59:17 | 00,189,248 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2009/10/23 14:59:04 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/10/14 08:30:26 | 00,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/09/21 15:05:47 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/21 15:05:16 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/03 16:17:14 | 03,342,336 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2009/08/24 17:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.247\ccSvcHst.exe
PRC - [2009/08/22 01:37:15 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/19 09:23:24 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 09:23:22 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/07/21 13:02:11 | 02,707,526 | ---- | M] (Zinio, LLC) -- C:\Program Files\Zinio\ZinioReader.exe
PRC - [2009/03/09 18:36:32 | 01,867,776 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\IDrive\IDriveETray.exe
PRC - [2009/03/09 09:06:38 | 00,135,168 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\IDrive\IDriveE Service.exe
PRC - [2009/03/09 09:05:46 | 00,036,864 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\IDrive\IDriveEBackground.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/17 15:28:30 | 01,365,304 | ---- | M] (U3 LLC) -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
PRC - [2008/10/03 09:32:26 | 00,622,080 | ---- | M] () -- C:\Program Files\ASUS\AASP\1.00.78\aaCenter.exe
PRC - [2008/10/02 11:39:34 | 02,137,600 | ---- | M] (ASUS) -- C:\Program Files\ASUS\PC Probe II\Probe2.exe
PRC - [2008/07/01 17:52:22 | 00,058,832 | ---- | M] ( Pro-Softnet) -- C:\Program Files\IDrive\IDriveWebM.exe
PRC - [2008/05/01 23:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/13 19:12:29 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\net1.exe
PRC - [2008/04/13 19:12:29 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\net.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2008/01/17 15:25:38 | 00,876,544 | ---- | M] (CNET Networks, Inc.) -- C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
PRC - [2007/10/25 15:37:32 | 02,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/10/25 15:33:22 | 00,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/10/25 15:32:58 | 00,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/10/19 12:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 12:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/07/09 17:46:50 | 00,106,496 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/06/13 14:15:39 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007/01/30 00:52:06 | 00,688,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/01/23 14:44:00 | 00,101,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2007/01/01 16:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/13 12:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/09/29 08:57:36 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2006/09/29 08:57:30 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2006/09/06 18:44:20 | 16,262,656 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006/07/26 17:21:24 | 00,053,248 | R--- | M] (General) -- C:\WINDOWS\system32\umonit.exe
PRC - [2006/04/07 15:02:24 | 01,343,488 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2005/12/12 15:03:54 | 00,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 15:02:24 | 00,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2005/09/22 16:01:54 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/07/23 02:18:44 | 00,352,256 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
PRC - [2005/04/18 11:16:02 | 00,073,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Profiler\LWEMon.exe
PRC - [2004/11/22 01:23:56 | 00,106,496 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
PRC - [2004/11/22 01:22:36 | 00,188,416 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2004/08/04 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/03/18 08:33:26 | 00,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2003/10/31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2003/05/08 12:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2003/03/05 13:49:00 | 00,335,872 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\WinVNC\winvnc.exe
PRC - [2002/07/02 17:56:00 | 00,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/13 23:47:52 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Boensch\Desktop\OTL.exe
MOD - [2008/07/25 11:17:20 | 00,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/07/25 11:17:20 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
MOD - [2008/05/01 23:15:35 | 00,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/04/13 19:11:52 | 00,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll
MOD - [2007/10/19 12:19:10 | 00,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2007/01/30 00:47:46 | 00,044,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2007/01/30 00:46:56 | 00,057,344 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\gamehook.dll
MOD - [2004/03/18 08:26:50 | 00,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll
MOD - [2004/03/18 08:26:48 | 00,114,688 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/05/08 12:00:46 | 00,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll
MOD - [2002/11/05 11:05:30 | 00,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/01/10 12:43:44 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/22 15:44:16 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/11/03 11:42:39 | 00,123,248 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.247\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2009/10/23 14:59:17 | 00,189,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/10/23 14:59:04 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/10/14 08:30:26 | 00,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/09/21 15:05:16 | 01,028,432 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/24 17:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.247\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/08/22 01:37:15 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2009/06/09 10:06:48 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9e913f9a4d730) Google Update Service (gupdate1c9e913f9a4d730)
SRV - [2009/06/09 10:06:10 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/09 09:06:38 | 00,135,168 | ---- | M] (Pro Softnet Corporation) [Auto | Start_Pending] -- C:\Program Files\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2008/07/01 17:52:22 | 00,058,832 | ---- | M] ( Pro-Softnet) [Auto | Running] -- C:\Program Files\IDrive\IDriveWebM.exe -- (IDrivePlugin)
SRV - [2007/10/19 12:21:16 | 00,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 12:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 12:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/07/09 17:46:50 | 00,106,496 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/06/13 14:15:39 | 00,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/06/13 13:29:00 | 00,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006/10/26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/12/12 15:02:24 | 00,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/09/22 16:01:54 | 00,053,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/03/05 13:49:00 | 00,335,872 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\WinVNC\WinVNC.exe -- (winvnc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-839522115-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-839522115-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-839522115-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-839522115-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-839522115-1580436667-725345543-1003\S-1-5-21-839522115-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/13 18:44:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/13 18:44:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/10/02 22:34:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/01/10 12:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\Mozilla\Extensions
[2010/01/13 23:44:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\Mozilla\Firefox\Profiles\dodsup3j.default\extensions
[2010/01/10 12:49:22 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Michael Boensch\Application Data\Mozilla\Firefox\Profiles\dodsup3j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/13 23:44:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/19 07:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/08/03 14:07:42 | 00,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/03/30 16:13:54 | 00,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll

O1 HOSTS File: (372861 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 69.253.151.209 idenupdate.motorola.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 12875 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - No CLSID value found.
O2 - BHO: (no name) - {42BD52D4-B29D-4E31-9EEF-A96F5404A447} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (no name) - {cb13b07d-c73d-45d4-8282-6a186dcd131e} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-839522115-1580436667-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-839522115-1580436667-725345543-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HPWU_MPM_Agent] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe ()
O4 - HKLM..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IHTWINCINEMAMGR] C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch PC Probe II] C:\Program Files\ASUS\PC Probe II\Probe2.exe (ASUS)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe (General)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [WinDVR SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\RealVNC\WinVNC\WinVNC.exe (RealVNC Ltd.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-839522115-1580436667-725345543-1003..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-839522115-1580436667-725345543-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-839522115-1580436667-725345543-1003..\Run: [IDriveE Startup] C:\Program Files\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - HKU\S-1-5-21-839522115-1580436667-725345543-1003..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-839522115-1580436667-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-839522115-1580436667-725345543-1003..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Profiler\lwemon.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-839522115-1580436667-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-839522115-1580436667-725345543-1003..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-839522115-1580436667-725345543-1003..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Michael Boensch\Start Menu\Programs\Startup\GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe (CNET Networks, Inc.)
O4 - Startup: C:\Documents and Settings\Michael Boensch\Start Menu\Programs\Startup\HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe File not found
O4 - Startup: C:\Documents and Settings\Michael Boensch\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O4 - Startup: C:\Documents and Settings\Michael Boensch\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Michael Boensch\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = CF FF F7 03 [binary data]
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-839522115-1580436667-725345543-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
O16 - DPF: {1896F800-6EFB-422F-A04B-AA7D44D9A4A9} http://70.43.179.86/WebClient.cab (Netvisiondvr Control)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://70.43.179.87/RemoteWeb.cab (Remote200 Control)
O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://70.43.179.87/VideoViewer.cab (CViewerControl Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1254530975031 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://cam01.msutoday.msu.edu/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {E87A4CD6-BA5F-4552-BC4F-8EC240A2755C} http://70.43.179.84/webrec.cab (WebRecClient Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\awtsQHxv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Michael Boensch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael Boensch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/05 20:50:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/01/05 15:36:22 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (2259651013902336)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/13 23:59:26 | 03,696,032 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael Boensch\Desktop\mbam-rules.exe
[2010/01/13 23:47:37 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael Boensch\Desktop\OTL.exe
[2010/01/13 23:47:23 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/13 23:47:20 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/13 23:46:34 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael Boensch\Desktop\mbam-setup.exe
[2010/01/13 17:17:54 | 00,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/01/13 17:17:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/01/13 17:17:28 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/01/13 17:17:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/01/13 16:49:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael Boensch\Local Settings\Application Data\Tific
[2010/01/13 16:48:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael Boensch\Application Data\Tific
[2010/01/13 16:47:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup
[2010/01/13 16:47:45 | 00,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2010/01/13 16:47:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200010.0F7
[2010/01/13 16:46:53 | 11,796,016 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Michael Boensch\Desktop\PCCheckupInstaller.exe
[2010/01/13 16:30:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael Boensch\Application Data\Uniblue
[2010/01/13 15:25:45 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/13 15:08:38 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Michael Boensch\Desktop\HJTInstall.exe
[2010/01/13 13:26:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael Boensch\Application Data\Malwarebytes
[2010/01/13 13:25:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/13 13:25:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/13 13:03:51 | 91,338,304 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Michael Boensch\Desktop\Ad-AwareInstallation.exe
[2010/01/10 12:43:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/11/02 16:40:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2009/06/30 23:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/09 10:07:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/04/04 00:18:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Nurago-Reporting-Service-Spool
[2008/12/30 17:48:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/09/04 09:43:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/09/04 09:42:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/08/13 22:48:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/01/27 22:18:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2007/01/07 13:35:15 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2007/01/07 13:35:14 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2007/01/05 22:52:14 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/01/05 20:53:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/01/05 20:50:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/13 23:59:27 | 03,696,032 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael Boensch\Desktop\mbam-rules.exe
[2010/01/13 23:47:52 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Boensch\Desktop\OTL.exe
[2010/01/13 23:47:27 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/13 23:47:07 | 13,107,200 | -H-- | M] () -- C:\Documents and Settings\Michael Boensch\NTUSER.DAT
[2010/01/13 23:46:41 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael Boensch\Desktop\mbam-setup.exe
[2010/01/13 23:45:26 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/13 23:42:02 | 03,374,149 | ---- | M] () -- C:\WINDOWS\{00000007-00000000-00000007-00001102-00000002-80651102}.CDF
[2010/01/13 23:42:02 | 03,374,149 | ---- | M] () -- C:\WINDOWS\{00000007-00000000-00000007-00001102-00000002-80651102}.BAK
[2010/01/13 23:41:25 | 00,000,065 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2010/01/13 23:41:09 | 00,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/01/13 23:40:36 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/13 23:40:17 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/13 23:39:19 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/13 23:39:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/13 23:38:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/13 23:38:44 | 21,467,42272 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/13 23:35:28 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Michael Boensch\ntuser.ini
[2010/01/13 23:32:46 | 71,604,930 | ---- | M] () -- C:\Documents and Settings\Michael Boensch\Desktop\backup.zip
[2010/01/13 17:18:59 | 00,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/13 17:17:50 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/13 17:17:49 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\Michael Boensch\Desktop\ZoneAlarm Security.lnk
[2010/01/13 17:16:42 | 00,001,963 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk
[2010/01/13 17:12:20 | 00,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000007-00000000-00000007-00001102-00000002-80651102}.rfx
[2010/01/13 17:12:20 | 00,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000007-00000000-00000007-00001102-00000002-80651102}.rfx
[2010/01/13 17:12:20 | 00,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000007-00000000-00000007-00001102-00000002-80651102}.rfx
[2010/01/13 17:12:20 | 00,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000007-00000000-00000007-00001102-00000002-80651102}.rfx
[2010/01/13 17:12:20 | 00,003,048 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/01/13 17:12:20 | 00,003,048 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/01/13 17:12:19 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000007-00000000-00000007-00001102-00000002-80651102}.dat
[2010/01/13 17:12:19 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000007-00000000-00000007-00001102-00000002-80651102}.dat
[2010/01/13 17:09:17 | 40,233,352 | ---- | M] () -- C:\Documents and Settings\Michael Boensch\Desktop\zaSetup_91_007_002_en.exe
[2010/01/13 16:47:07 | 11,796,016 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Michael Boensch\Desktop\PCCheckupInstaller.exe
[2010/01/13 16:46:17 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/13 15:08:39 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Michael Boensch\Desktop\HJTInstall.exe
[2010/01/13 13:05:59 | 91,338,304 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Michael Boensch\Desktop\Ad-AwareInstallation.exe
[2010/01/13 12:46:59 | 00,372,861 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/13 09:52:28 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/10 20:38:19 | 00,000,218 | ---- | M] () -- C:\Documents and Settings\Michael Boensch\.recently-used.xbel
[2010/01/10 12:45:12 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/10 12:16:01 | 00,002,299 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ScreenDASH!.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 20:02:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/06 19:19:47 | 06,426,624 | ---- | M] () -- C:\Documents and Settings\Michael Boensch\My Documents\My Money.mny
[2010/01/06 19:19:27 | 06,428,574 | R--- | M] () -- C:\Documents and Settings\Michael Boensch\My Documents\My Money Backup.mbf
[2010/01/05 14:11:54 | 00,234,568 | ---- | M] () -- C:\Documents and Settings\Michael Boensch\Desktop\zac gps.gpx
[2010/01/03 22:00:00 | 00,000,404 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/13 23:47:27 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/13 23:38:44 | 21,467,42272 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/13 23:30:05 | 71,604,930 | ---- | C] () -- C:\Documents and Settings\Michael Boensch\Desktop\backup.zip
[2010/01/13 17:17:50 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/13 17:17:49 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\Michael Boensch\Desktop\ZoneAlarm Security.lnk
[2010/01/13 17:17:29 | 00,422,437 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/13 17:08:30 | 40,233,352 | ---- | C] () -- C:\Documents and Settings\Michael Boensch\Desktop\zaSetup_91_007_002_en.exe
[2010/01/13 16:48:16 | 00,001,963 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk
[2010/01/13 16:47:45 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200010.0F7\isolate.ini
[2010/01/10 20:38:19 | 00,000,218 | ---- | C] () -- C:\Documents and Settings\Michael Boensch\.recently-used.xbel
[2010/01/10 12:45:12 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/05 14:11:54 | 00,234,568 | ---- | C] () -- C:\Documents and Settings\Michael Boensch\Desktop\zac gps.gpx
[2009/11/03 11:03:38 | 00,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/11/03 11:03:38 | 00,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/06/24 14:01:55 | 00,138,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/06/24 14:01:54 | 00,138,056 | ---- | C] () -- C:\Documents and Settings\Michael Boensch\Application Data\PnkBstrK.sys
[2009/04/27 11:30:01 | 00,000,173 | ---- | C] () -- C:\WINDOWS\GSAK.INI
[2009/03/09 11:33:05 | 00,441,705 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/03/09 11:23:05 | 00,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/02/11 12:17:57 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/01/12 16:03:25 | 00,058,904 | ---- | C] () -- C:\WINDOWS\System32\is4tray.dll
[2008/12/22 22:48:32 | 00,000,162 | ---- | C] () -- C:\WINDOWS\GF.INI
[2008/11/23 11:31:44 | 00,000,274 | ---- | C] () -- C:\Documents and Settings\Michael Boensch\Application Data\pioneers
[2008/11/06 11:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 11:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/16 21:24:58 | 00,753,152 | R-S- | C] () -- C:\WINDOWS\System32\wodTelnetDLX.dll
[2008/09/16 21:24:58 | 00,581,064 | R-S- | C] () -- C:\WINDOWS\System32\wodCertificate.dll
[2008/08/03 01:57:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\BowlingScore.INI
[2008/07/08 22:35:14 | 00,000,000 | ---- | C] () -- C:\Program Files\Common Files\dht342126
[2008/06/26 22:02:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\IYX08.INI
[2008/04/10 22:39:24 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\oecdidtu.dll
[2008/03/04 22:35:43 | 00,000,206 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2008/02/03 11:48:11 | 00,005,855 | ---- | C] () -- C:\Program Files\install.log
[2007/11/26 20:31:47 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/10/30 23:23:46 | 00,000,437 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2007/10/11 17:59:24 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/09/02 20:05:36 | 00,000,055 | ---- | C] () -- C:\WINDOWS\GDM16.ini
[2007/08/30 00:24:58 | 00,000,055 | ---- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2007/08/30 00:22:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2007/08/19 10:05:46 | 00,000,012 | ---- | C] () -- C:\WINDOWS\lang_e86.dll
[2007/07/04 00:18:59 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/07/04 00:18:58 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/05/09 19:35:54 | 00,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/05/04 12:11:47 | 00,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/04/18 12:31:43 | 00,049,327 | ---- | C] () -- C:\WINDOWS\ptz.ini
[2007/04/18 12:31:36 | 00,000,088 | ---- | C] () -- C:\WINDOWS\dvr2.ini
[2007/04/18 12:28:16 | 00,035,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cap01.sys
[2007/04/18 12:28:16 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cap02.sys
[2007/04/11 21:58:40 | 00,002,971 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2007/04/09 10:02:31 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/03/24 18:39:52 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/02/17 22:21:01 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2007/02/12 13:56:30 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/01/17 19:44:25 | 00,005,553 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2007/01/14 14:23:37 | 00,070,246 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/01/10 15:10:16 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Michael Boensch\Local Settings\Application Data\fusioncache.dat
[2007/01/10 14:57:58 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/01/08 16:20:39 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Michael Boensch\Application Data\$_hpcst$.hpc
[2007/01/06 23:49:52 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/06 23:22:37 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/01/06 23:22:37 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/01/06 23:22:37 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/01/06 23:22:37 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/01/06 23:22:37 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/01/06 23:22:37 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/01/06 21:50:34 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/01/05 23:24:59 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/05 23:12:44 | 00,000,162 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/01/05 23:12:08 | 00,000,707 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/01/05 23:11:01 | 00,000,342 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/05 22:58:30 | 00,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2007/01/05 22:52:49 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/01/05 22:52:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/01/05 22:52:16 | 00,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2007/01/05 22:52:16 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/01/05 22:52:15 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2007/01/05 21:45:42 | 00,154,624 | ---- | C] () -- C:\Documents and Settings\Michael Boensch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/05 21:26:21 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/01/05 21:26:21 | 00,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/01/05 21:23:35 | 00,061,184 | R--- | C] () -- C:\WINDOWS\System32\drivers\mv614x.sys
[2007/01/05 21:19:32 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/01/05 21:19:31 | 00,021,276 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/01/05 21:19:23 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/06/29 11:29:04 | 00,027,239 | ---- | C] () -- C:\WINDOWS\System32\dhchs.ini
[2006/06/20 13:36:06 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\decode.dll
[2006/06/20 13:34:08 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\render.dll
[2006/06/19 08:20:44 | 00,015,770 | ---- | C] () -- C:\WINDOWS\System32\dheng.ini
[2006/06/13 12:50:34 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\dllh264.dll
[2006/05/15 09:23:48 | 00,393,216 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2006/04/05 12:52:56 | 00,067,072 | ---- | C] () -- C:\WINDOWS\System32\AudioRecord.dll
[2006/04/05 12:52:54 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\ConfigManage.dll
[2006/04/05 12:52:48 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2006/01/06 04:56:38 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\FilePlayer.dll
[2005/12/27 07:06:06 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\SearchPlay.dll
[2005/12/24 06:47:04 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\RealPlay.dll
[2005/09/06 02:30:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\NetChannel1.dll
[2005/09/06 01:09:46 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\DvrNet1.dll
[2005/09/02 13:25:58 | 00,022,717 | ---- | C] () -- C:\WINDOWS\System32\dhrussian.ini
[2005/07/01 11:46:08 | 00,021,507 | ---- | C] () -- C:\WINDOWS\System32\dhgerman.ini
[2005/06/21 09:29:20 | 00,045,514 | ---- | C] () -- C:\WINDOWS\System32\dhfrench.ini
[2005/03/28 09:14:38 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/02/05 15:46:00 | 00,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004/10/14 12:05:08 | 00,020,691 | ---- | C] () -- C:\WINDOWS\System32\dhspanish.ini
[2004/10/14 12:05:08 | 00,019,533 | ---- | C] () -- C:\WINDOWS\System32\dhjapanese.ini
[2004/10/14 12:05:08 | 00,017,970 | ---- | C] () -- C:\WINDOWS\System32\dhitalian.ini
[2004/10/14 12:05:08 | 00,016,735 | ---- | C] () -- C:\WINDOWS\System32\dhcht.ini
[2004/08/22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/07/31 13:40:42 | 00,005,365 | ---- | C] () -- C:\WINDOWS\System32\drivers\NetProbe.sys
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 15:33:22 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\asus_tv_tune.dll
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/01/06 19:00:00 | 00,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000/01/06 19:00:00 | 00,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/04/28 14:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/08/06 16:14:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/05/17 22:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/10/02 16:46:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2009/09/14 14:09:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2007/01/06 23:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2008/07/09 18:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2009/06/02 21:20:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NorthGates Systems
[2007/02/07 13:49:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/08/24 11:20:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/03/04 11:29:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SnapStream
[2007/01/10 14:57:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007/01/10 14:57:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2008/10/09 21:07:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/12 17:11:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2007/08/14 18:48:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/04/04 14:11:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/07/09 18:51:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\WD
[2009/03/04 16:02:42 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2007/07/07 16:36:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\.gaim
[2010/01/10 20:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\.purple
[2007/04/26 12:43:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\Alawar
[2007/08/02 20:09:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\BinarySense
[2009/05/27 06:24:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\Canon
[2008/06/06 16:38:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\CCleanup
[2009/12/18 00:59:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\ContentGuard
[2007/04/09 11:47:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\COWON
[2007/03/20 19:47:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\Da3d
[2007/12/18 00:26:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\DevilishGames
[2010/01/05 22:40:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\EurekaLog
[2009/05/17 22:19:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\GARMIN
[2010/01/10 17:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\gtk-2.0
[2009/01/17 20:51:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\IObit
[2007/12/07 22:48:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\Juniper Networks
[2009/06/02 21:21:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\KMLEditorMonitor
[2007/12/11 09:55:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\Leadertech
[2007/11/08 20:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\LogicWeave Software
[2009/06/02 21:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\NorthGates Systems
[2009/10/03 01:02:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\OpenOffice.org
[2007/05/04 01:15:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\Ringjacker
[2007/01/10 14:58:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\ScanSoft
[2007/06/17 21:31:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\SecondLife
[2007/02/16 11:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\SSH
[2009/10/02 22:34:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\Thunderbird
[2010/01/13 16:48:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\Tific
[2007/01/10 23:00:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\Ulead Systems
[2010/01/13 16:30:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\Uniblue
[2007/03/14 23:54:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\URSE Games
[2008/08/12 08:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\Viewpoint
[2010/01/05 23:25:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael Boensch\Application Data\WeatherBug
[2010/01/13 16:46:17 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/01/03 22:00:00 | 00,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/30 17:12:14 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/12/30 17:12:14 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/30 17:12:14 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/30 17:12:14 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/06/13 14:25:36 | 00,339,968 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BB519E
@Alternate Data Stream - 16 bytes -> C:\Program Files\Common Files:ht342126
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3C6C07
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10517E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:648FDDD8
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B4D9DFB
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9F6664C
< End of report >


#4 mboensch

  • Topic Starter
  • Members
  • 9 posts

Posted 14 January 2010 - 12:25 AM

I noticed OTL created two log files. I already posted the OTL.txt. Here are the details from the extras.txt.

OTL Extras logfile created on: 1/14/2010 12:03:20 AM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Michael Boensch\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 6.63 Gb Free Space | 22.64% Space Free | Partition Type: NTFS
Drive D: | 85.20 Gb Total Space | 53.16 Gb Free Space | 62.40% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 233.76 Gb Total Space | 116.60 Gb Free Space | 49.88% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 389.74 Gb Free Space | 83.68% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: TOWER
Current User Name: Michael Boensch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-839522115-1580436667-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5800:TCP" = 5800:TCP:*:Enabled:VNC
"5900:TCP" = 5900:TCP:*:Enabled:VNC2
"3255:UDP" = 3255:UDP:*:Enabled:Windows Media Format SDK (firefox.exe)
"3254:UDP" = 3254:UDP:*:Enabled:Windows Media Format SDK (firefox.exe)
"3266:UDP" = 3266:UDP:*:Enabled:Windows Media Format SDK (firefox.exe)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\setup\HPZnet01.exe" = E:\setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- File not found
"C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" = C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows -- (Hewlett-Packard Company)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"D:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = D:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service -- File not found
"C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service -- File not found
"C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service -- File not found
"C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine -- File not found
"C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader -- File not found
"C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service -- File not found
"C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service -- File not found
"C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape -- File not found
"C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe" = C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:*:Enabled:Beyond TV Setup Wizard -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"D:\Program Files\uTorrent\utorrent.exe" = D:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Documents and Settings\Michael Boensch\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" = C:\Documents and Settings\Michael Boensch\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Documents and Settings\Michael Boensch\Local Settings\Temp\7zSC3.tmp\SymNRT.exe" = C:\Documents and Settings\Michael Boensch\Local Settings\Temp\7zSC3.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Pidgin\pidgin.exe" = C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin -- (The Pidgin developer community)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{03737893-5BEE-4C78-9C58-3AE7F172BBBE}" = Garmin Communicator Plugin
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05B5DCEC-BD8A-BC78-D0A5-C90484ED378D}" = Catalyst Control Center Graphics Light
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = Canon CanoScan Toolbox 4.5
"{154F197B-F413-7D58-AF50-9CD295A7F443}" = CCC Help English
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21878C15-0B11-40A0-A266-54B324965893}" = DSTfix
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2B0DBB93-DF0A-5625-7035-471D82BFA975}" = Skins
"{2D37FB97-944C-402E-B587-E969BFD99A10}" = ASUS TV FM CARD
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{31492759-0E89-46B5-9770-F6E5808E3017}" = xImage
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe 1.4.44.1
"{3ACA50F4-79BD-3F79-8C61-02F7145BF17B}" = Catalyst Control Center Core Implementation
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3EDFFD11-B9AB-4296-9757-B5AF1F2B8E5C}" = Beyond TV DVD Burning Foundation
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{4B050456-DA2E-5602-DA35-7F5F8E504191}" = Catalyst Control Center Graphics Full Existing
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{523D8C1B-3309-4F8E-A15B-6C0E8A0B7D72}" = Groundspeak Wherigo Builder
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = AsusUpdate
"{58B42F3F-EC8D-4A53-9813-5EA43C4E9350}" = Garmin City Navigator North America NT 2009
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}" = InterVideo WinDVR 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{80A2A967-C1B7-412D-B2B2-C4A33209C205}" = Garmin POI Loader
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{94AB7EE4-8335-C799-BECF-9CB63AD73861}" = Catalyst Control Center Graphics Full New
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C08DF6F-0FC2-09DC-3A82-ECF7934522C7}" = ccc-core-static
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}" = Apple Mobile Device Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC60C8C1-855E-45AB-8D95-1D16F8A38E78}" = UGuide
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFD1BE8A-E2E6-4B1B-9BDC-C439BD1CED80}" = Microsoft Pocket Streets for Pocket PC
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA7A3288-228D-4031-A93A-B5F6B3415E15}" = Misc
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}" = Dual-Core Optimizer
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3EBEF79-DE34-44AE-8774-F6A17ABE27B2}" = Garmin nRoute
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4531EF7-C979-44B1-9AEA-69C9F8D89B54}" = ScreenDASH
"{D57C2ACB-4246-A901-8D8D-8DA9E311F086}" = ccc-core-preinstall
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{DA76C4B0-3B47-592D-E167-F0000BE5B2EC}" = ccc-utility
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E14336FF-AE98-FA53-5E14-7E61E0AE60CC}" = Catalyst Control Center Graphics Previews Common
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CD25A0-5401-40B2-BAA9-E267408B16DF}" = Toolbox
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F7514465-E5F3-48E9-A952-327DAEF33DE6}" = InterVideo Home Theater
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Active@ Partition Recovery 5.1" = Active@ Partition Recovery 5.1
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Aspi Installer" = Aspi Installer
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"ATI Display Driver" = ATI Display Driver
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.1
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EADM" = EA Download Manager
"Easy GIF Animator_is1" = Easy GIF Animator 4.8
"EasyGPS_is1" = EasyGPS 3.57
"EKS Descartes Enigma" = EKS Descartes Enigma
"FixUstor" = Generic color icon driver
"GameSpotDownloadManager" = GameSpot Download Manager
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Updater" = Google Updater
"GpxSonar" = GpxSonar
"GpxView" = GpxView
"GSAK (Geocaching Swiss Army Knife)_is1" = GSAK 7.2.4.19 (patch)
"GSAK_is1" = GSAK 7.6.2.45 (Final)
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"GTK2-Runtime" = GTK2-Runtime
"HP Officejet Pro K550 Series" = HP Officejet Pro K550 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IDrive_is1" = IDrive version 3.2.6 March 09, 2009
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Img2gps_is1" = Img2gps v2.81
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{2D37FB97-944C-402E-B587-E969BFD99A10}" = ASUS TV FM CARD
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"marooned" = Marooned
"MI Trails 08.001_is1" = MI Trails 08.001
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"NeroMultiInstaller!UninstallKey" = Nero Suite
"nLite_is1" = nLite 1.4.9.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NortonPCCheckup" = Norton PC Checkup
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"PoiEdit" = PoiEdit
"PSPad editor_is1" = PSPad editor
"PunkBusterSvc" = PunkBuster Services
"QSuite_is1" = QSuite Ver2.1
"rayatitray" = Ray Adams ATI Tray Tools
"RealArcade" = RealArcade
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"ST5UNST #1" = ENIGMA
"The Rise of Atlantis_is1" = The Rise of Atlantis 1.0
"TibetSystem - Uninstall EyeMax DVR" = Uninstall EyeMax DVR
"Tweak UI 2.10" = Tweak UI
"Unlocker" = Unlocker 1.8.7
"USStatesandCounties" = US State and County Borders
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WeatherBug" = WeatherBug
"Wget-src-1.10.1_is1" = GnuWin32: Wget version 1.10.1
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinVNC_is1" = VNC 3.3.7
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD_is1" = XviD 1.1 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Zinio Reader" = Zinio Reader

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-839522115-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/13/2010 1:24:19 PM | Computer Name = TOWER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/13/2010 5:49:08 PM | Computer Name = TOWER | Source = MsiInstaller | ID = 11706
Description = Product: Ad-Aware -- Error 1706. An installation package for the product
Ad-Aware cannot be found. Try the installation again using a valid copy of the
installation package 'Ad-AwareAE.msi'.

Error - 1/13/2010 6:28:52 PM | Computer Name = TOWER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 1/13/2010 6:28:55 PM | Computer Name = TOWER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/13/2010 6:30:01 PM | Computer Name = TOWER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 1/13/2010 11:09:36 PM | Computer Name = TOWER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 1/13/2010 11:11:48 PM | Computer Name = TOWER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 1/14/2010 12:40:20 AM | Computer Name = TOWER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 1/14/2010 12:45:26 AM | Computer Name = TOWER | Source = Google Update | ID = 20
Description =

Error - 1/14/2010 12:57:47 AM | Computer Name = TOWER | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/13/2010 7:53:32 PM | Computer Name = TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/13/2010 10:02:21 PM | Computer Name = TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/13/2010 11:11:38 PM | Computer Name = TOWER | Source = mv614x | ID = 262153
Description = The device, \Device\Scsi\mv614x1, did not respond within the timeout
period.

Error - 1/14/2010 12:02:58 AM | Computer Name = TOWER | Source = mv614x | ID = 262153
Description = The device, \Device\Scsi\mv614x1, did not respond within the timeout
period.

Error - 1/14/2010 12:33:59 AM | Computer Name = TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/14/2010 12:34:07 AM | Computer Name = TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/14/2010 12:35:23 AM | Computer Name = TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/14/2010 12:54:10 AM | Computer Name = TOWER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IDriveE Service service
to connect.

Error - 1/14/2010 12:54:10 AM | Computer Name = TOWER | Source = Service Control Manager | ID = 7000
Description = The IDriveE Service service failed to start due to the following error:
%%1053

Error - 1/14/2010 12:54:40 AM | Computer Name = TOWER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IDriveE Service service
to connect.


< End of report >


#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:00 PM

Posted 14 January 2010 - 08:44 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.


If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 mboensch

mboensch
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:00 PM

Posted 14 January 2010 - 11:21 AM

ComboFix 10-01-13.0C - Michael Boensch 01/14/2010 10:33:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1368 [GMT -5:00]
Running from: C:\Documents and Settings\Michael Boensch\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Michael Boensch\Application Data\EurekaLog
C:\Documents and Settings\Michael Boensch\Application Data\EurekaLog\EurekaLog.ini
C:\Program Files\INSTALL.LOG
C:\WINDOWS\system32\Data
C:\WINDOWS\system32\Data\CT0060W.DAT
C:\WINDOWS\system32\Data\CTP0060W.DAT
C:\WINDOWS\system32\Data\CTP0061W.DAT
C:\WINDOWS\system32\Data\CTP0100W.DAT
C:\WINDOWS\system32\Data\CTP0101W.DAT
C:\WINDOWS\system32\Data\CTP0102W.DAT
C:\WINDOWS\system32\Data\CTP0103W.DAT
C:\WINDOWS\system32\Data\CTP0105W.DAT
C:\WINDOWS\system32\Data\CTP0221W.DAT
C:\WINDOWS\system32\Data\CTP0222W.DAT
C:\WINDOWS\system32\Data\CTP1140W.DAT
C:\WINDOWS\system32\Data\CTP4620W.DAT
C:\WINDOWS\system32\Data\CTP4670W.DAT
C:\WINDOWS\system32\Data\CTP4760W.DAT
C:\WINDOWS\system32\Data\CTP4780W.DAT
C:\WINDOWS\system32\Data\CTP4790W.DAT
C:\WINDOWS\system32\Data\CTP4830W.DAT
C:\WINDOWS\system32\Data\CTP4831W.DAT
C:\WINDOWS\system32\Data\CTP4832W.DAT
C:\WINDOWS\system32\Data\CTP4840W.DAT
C:\WINDOWS\system32\Data\CTP4850W.DAT
C:\WINDOWS\system32\Data\CTP4870W.DAT
C:\WINDOWS\system32\Data\CTP4871W.DAT
C:\WINDOWS\system32\Data\CTP4872W.DAT
C:\WINDOWS\system32\Data\CTP4890W.DAT
C:\WINDOWS\system32\Data\CTP4891W.DAT
C:\WINDOWS\system32\Data\CTP4893W.DAT
C:\WINDOWS\system32\Data\CTPDXW.DAT
C:\WINDOWS\system32\Data\CTPM002W.DAT
C:\WINDOWS\system32\Data\CTSBAS2W.DAT
C:\WINDOWS\system32\Data\CTSBASW.DAT
C:\WINDOWS\system32\sqlite3.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 04:47:23 . 2010-01-07 21:07:14 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-01-14 04:47:20 . 2010-01-07 21:07:04 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-01-13 21:49:02 . 2010-01-14 05:30:45 -------- d-----w- C:\Documents and Settings\Michael Boensch\Local Settings\Application Data\Tific
2010-01-13 21:48:58 . 2010-01-13 21:48:58 -------- d-----w- C:\Documents and Settings\Michael Boensch\Application Data\Tific
2010-01-13 21:47:45 . 2010-01-13 21:47:45 -------- d-----w- C:\WINDOWS\system32\drivers\NortonPCCheckup
2010-01-13 21:47:45 . 2010-01-13 21:47:45 -------- d-----w- C:\Program Files\Norton PC Checkup
2010-01-13 21:30:40 . 2010-01-13 21:30:40 -------- d-----w- C:\Documents and Settings\Michael Boensch\Application Data\Uniblue
2010-01-13 20:25:45 . 2010-01-13 20:25:45 -------- d-----w- C:\Program Files\Trend Micro
2010-01-13 18:26:02 . 2010-01-13 18:26:02 -------- d-----w- C:\Documents and Settings\Michael Boensch\Application Data\Malwarebytes
2010-01-13 18:25:55 . 2010-01-13 18:25:55 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-13 18:25:53 . 2010-01-14 04:47:30 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-13 01:46:48 . 2009-11-21 15:51:04 471552 -c----w- C:\WINDOWS\system32\dllcache\aclayers.dll
2010-01-10 17:43:00 . 2010-01-10 17:43:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\McAfee
2009-12-21 16:26:14 . 2010-01-13 21:27:39 -------- d-----w- C:\Documents and Settings\Michael Boensch\Application Data\Ditto
2009-12-21 16:26:07 . 2010-01-13 21:28:11 -------- d-----w- C:\Program Files\Ditto

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 16:01:57 . 2008-07-09 16:22:58 -------- d-----w- C:\Program Files\IDrive
2010-01-14 15:29:42 . 2010-01-14 14:30:53 663318 ----a-w- C:\WINDOWS\Internet Logs\tvDebug.Zip
2010-01-14 15:28:18 . 2007-08-06 04:03:55 24 ----a-w- C:\WINDOWS\system32\DVCStateBkp-{00000007-00000000-00000007-00001102-00000002-80651102}.dat
2010-01-14 15:28:18 . 2007-08-06 04:03:55 24 ----a-w- C:\WINDOWS\system32\DVCState-{00000007-00000000-00000007-00001102-00000002-80651102}.dat
2010-01-14 05:28:17 . 2010-01-13 22:17:50 4212 ---ha-w- C:\WINDOWS\system32\zllictbl.dat
2010-01-13 23:46:46 . 2007-03-31 17:49:48 -------- d-----w- C:\Program Files\Common Files\AOL
2010-01-13 23:46:44 . 2007-03-31 17:50:25 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AOL
2010-01-13 23:44:33 . 2009-05-06 13:32:53 -------- d-----w- C:\Program Files\Coupons
2010-01-13 22:17:54 . 2010-01-13 22:17:54 -------- d-----w- C:\Program Files\CheckPoint
2010-01-13 22:17:28 . 2010-01-13 22:17:28 -------- d-----w- C:\Program Files\Zone Labs
2010-01-13 21:47:45 . 2008-12-28 20:36:41 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Norton
2010-01-13 21:47:43 . 2008-12-28 20:26:05 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-01-13 21:47:37 . 2009-03-04 17:05:36 -------- d-----w- C:\Program Files\NortonInstaller
2010-01-13 17:52:44 . 2008-06-05 01:45:39 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2010-01-13 16:15:13 . 2009-10-03 03:34:04 -------- d-----w- C:\Program Files\Mozilla Thunderbird
2010-01-11 01:38:18 . 2007-07-01 20:28:45 -------- d-----w- C:\Documents and Settings\Michael Boensch\Application Data\.purple
2010-01-10 22:44:20 . 2007-07-01 20:33:03 -------- d-----w- C:\Documents and Settings\Michael Boensch\Application Data\gtk-2.0
2010-01-10 17:43:42 . 2008-11-22 03:22:49 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
2010-01-10 17:01:39 . 2007-02-23 00:36:38 -------- d-----w- C:\Program Files\Java
2010-01-06 05:23:18 . 2007-01-06 04:23:07 -------- d-----w- C:\Documents and Settings\Michael Boensch\Application Data\Skype
2010-01-06 04:25:32 . 2007-01-10 05:19:09 -------- d-----w- C:\Documents and Settings\Michael Boensch\Application Data\WeatherBug
2010-01-05 23:03:18 . 2008-07-15 22:32:25 -------- d-----w- C:\Documents and Settings\Michael Boensch\Application Data\skypePM
2010-01-03 17:04:18 . 2007-07-01 20:27:50 -------- d-----w- C:\Program Files\Pidgin
2009-12-30 02:39:16 . 2009-02-25 15:58:34 -------- d-----w- C:\Program Files\Garmin
2009-12-22 01:50:11 . 2007-01-06 04:17:49 -------- d-----w- C:\Program Files\Google
2009-12-18 05:59:04 . 2007-10-15 00:14:22 -------- d-----w- C:\Documents and Settings\Michael Boensch\Application Data\ContentGuard
2009-12-09 01:28:56 . 2007-01-06 04:24:13 -------- d-----w- C:\Program Files\Microsoft ActiveSync
2009-11-22 20:42:44 . 2010-01-13 22:17:31 1238408 ----a-w- C:\WINDOWS\system32\zpeng25.dll
2009-11-22 20:42:40 . 2010-01-13 22:17:43 69000 ----a-w- C:\WINDOWS\system32\zlcomm.dll
2009-11-22 20:42:40 . 2010-01-13 22:17:43 103816 ----a-w- C:\WINDOWS\system32\zlcommdb.dll
2009-11-21 15:51:04 . 2004-08-04 12:00:00 471552 ----a-w- C:\WINDOWS\AppPatch\aclayers.dll
2009-10-29 07:45:38 . 2004-08-04 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-10-23 19:59:36 . 2009-06-24 19:01:55 138056 ----a-w- C:\WINDOWS\system32\drivers\PnkBstrK.sys
2009-10-23 19:59:36 . 2009-06-24 19:01:54 138056 ----a-w- C:\Documents and Settings\Michael Boensch\Application Data\PnkBstrK.sys
2009-10-23 19:59:17 . 2009-06-24 19:01:40 189248 ----a-w- C:\WINDOWS\system32\PnkBstrB.exe
2009-10-23 19:59:04 . 2009-06-24 19:01:39 75064 ----a-w- C:\WINDOWS\system32\PnkBstrA.exe
2009-10-23 19:59:02 . 2009-10-23 19:59:02 2395944 ----a-w- C:\WINDOWS\system32\pbsvc_heroes.exe
2009-10-21 05:38:36 . 2004-08-04 12:00:00 75776 ----a-w- C:\WINDOWS\system32\strmfilt.dll
2009-10-21 05:38:36 . 2004-08-04 12:00:00 25088 ----a-w- C:\WINDOWS\system32\httpapi.dll
2009-10-20 16:20:16 . 2004-08-04 12:00:00 265728 ----a-w- C:\WINDOWS\system32\drivers\http.sys
2008-07-09 03:35:14 . 2008-07-09 03:35:14 0 ----a-w- C:\Program Files\Common Files\dht342126
1999-04-23 22:22:22 . 1999-04-23 22:22:22 12 --sha-w- C:\WINDOWS\system\WININETICMP32.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 20:02:24 1343488]
"Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2005-04-18 16:16:02 73728]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-20 00:38:08 1957888]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 20:07:20 2260480]
"IDriveE Startup"="C:\Program Files\IDrive\IDrvieEStartup.exe" [2009-03-05 18:18:10 77824]
"Zinio DLM"="C:\Program Files\Zinio\ZinioReader.exe" [2009-07-21 18:02:11 2707526]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2009-09-03 21:17:14 3342336]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 15:06:16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWU_MPM_Agent"="C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe" [2005-07-23 07:18:48 106496]
"UMonit"="C:\WINDOWS\system32\umonit.exe" [2006-07-26 22:21:24 53248]
"WinDVR SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-11-22 06:23:56 106496]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 06:00:00 90112]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 00:42:40 32768]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 17:00:58 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 16:50:42 155648]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 06:00:00 28672]
"IHTWINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2004-11-22 06:22:36 188416]
"HPWUTOOLBOX"="C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" [2005-07-23 07:18:44 352256]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 21:49:48 77824]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 13:33:26 892928]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 16:35:24 90112]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 12:00:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 12:00:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 12:00:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 12:00:00 455168]
"WinVNC"="C:\Program Files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 18:49:00 335872]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 20:05:47 520024]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 22:56:00 24576]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 23:44:20 16262656]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 19:44:00 101136]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 19:44:00 101136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 06:04:34 39792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 20:33:22 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 20:37:32 2178832]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 04:15:46 15872]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-09-05 05:54:42 417792]
"Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" [2008-10-02 16:39:34 2137600]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2010-01-10 17:43:45 149280]

C:\Documents and Settings\Michael Boensch\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe [2008-1-17 876544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-7 113664]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2007-1-5 221247]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-1-6 188416]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2009-9-11 22486]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-4-18 688128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Boensch^Start Menu^Programs^Startup^GpsGate.lnk]
path=C:\Documents and Settings\Michael Boensch\Start Menu\Programs\Startup\GpsGate.lnk
backup=C:\WINDOWS\pss\GpsGate.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04:34 39792 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 06:43:28 69632 ----a-w- C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 20:33:22 563984 ----a-w- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 20:37:32 2178832 ----a-w- C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 18:11:12 25623336 ----a-r- C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-17 06:04:26 2879488 ----a-w- C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
2009-07-21 18:02:11 2707526 ----a-w- C:\Program Files\Zinio\ZinioReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"C:\\Program Files\\HP\\HP Officejet Pro K550 Series\\Toolbox\\HPWUTBX.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Pidgin\\pidgin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5800:TCP"= 5800:TCP:VNC
"5900:TCP"= 5900:TCP:VNC2
"3255:UDP"= 3255:UDP:Windows Media Format SDK (firefox.exe)
"3254:UDP"= 3254:UDP:Windows Media Format SDK (firefox.exe)
"3266:UDP"= 3266:UDP:Windows Media Format SDK (firefox.exe)

R?2 IDriveE Service;IDriveE Service;C:\Program Files\IDrive\IDriveE Service.exe [3/9/2009 11:33:06 AM 135168]
R0 d347bus;d347bus;C:\WINDOWS\system32\drivers\d347bus.sys [1/7/2007 1:35:14 PM 155136]
R0 d347prt;d347prt;C:\WINDOWS\system32\drivers\d347prt.sys [1/7/2007 1:35:15 PM 5248]
R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [3/4/2009 4:04:39 PM 64160]
R0 mv614x;mv614x;C:\WINDOWS\system32\drivers\mv614x.sys [1/5/2007 9:23:35 PM 61184]
R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NAV\1007020.00B\SymEFA.sys [8/31/2009 6:15:54 PM 310320]
R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [5/22/2007 4:04:54 AM 18088]
R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NAV\1007020.00B\BHDrvx86.sys [8/31/2009 6:15:53 PM 259632]
R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NAV\1007020.00B\cchpx86.sys [8/31/2009 6:15:16 PM 482432]
R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSXpx86.sys [1/8/2010 2:45:00 PM 329592]
R2 IDrivePlugin;IDrivePlugin;C:\Program Files\IDrive\IDriveWebM.exe [3/9/2009 11:33:09 AM 58832]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 8:30:02 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 8:30:26 AM 476528]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34:37 PM 1028432]
R2 NetProbe;NetProbe Packet Driver;C:\WINDOWS\system32\drivers\NetProbe.sys [7/31/2003 1:40:42 PM 5365]
R2 Norton AntiVirus;Norton AntiVirus;C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [8/31/2009 6:15:29 PM 117640]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files\Norton PC Checkup\Engine\2.0.1.247\ccSvcHst.exe [1/13/2010 4:47:48 PM 126392]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\drivers\atl01_xp.sys [1/5/2007 9:20:07 PM 35840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/26/2009 3:00:00 AM 102448]
R3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys [1/17/2007 7:44:25 PM 6016]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\drivers\phtvtune.sys [1/6/2007 11:19:54 PM 24608]
S0 AmdAcpi;AmdAcpi Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys --> C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys [?]
S2 gupdate1c9e913f9a4d730;Google Update Service (gupdate1c9e913f9a4d730);C:\Program Files\Google\Update\GoogleUpdate.exe [6/9/2009 10:07:15 AM 133104]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files\Norton PC Checkup\Engine\2.0.1.247\SymcPCCULaunchSvc.exe [1/13/2010 4:47:48 PM 123248]
S3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys --> C:\WINDOWS\system32\DRIVERS\AmdTools.sys [?]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\drivers\motodrv.sys [7/25/2008 3:05:11 PM 42112]
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34:46 . 2009-09-21 20:08:16]


#7 Buckeye_Sam
    Malware Expert

Posted 15 January 2010 - 07:49 AM


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


=====================


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 mboensch
  • Topic Starter

Posted 15 January 2010 - 03:57 PM

I am not exactly sure of what happened on my computer but it wanted me to reactivate windows because of major system changes. Also I get several errors on startup. I also noticed when I go to device manager it is completely blank and I have no clue why. For some reason, the computer no longer connects to the Internet. So I am not sure if I can run the ATF Cleaner or the ESET Online Scanner. I may just have to completely reinstall windows.

#9 mboensch
  • Topic Starter

Posted 15 January 2010 - 10:35 PM

I figured out what was going on. I should be able to run the ATF Cleaner or the ESET Online Scanner in the next couple days.

#10 Buckeye_Sam
    Malware Expert

Posted 16 January 2010 - 09:27 AM

Ok, sounds good. Just post back when you have the log from Eset.

#11 mboensch
  • Topic Starter

Posted 17 January 2010 - 02:05 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1958f821829b054ab4a70cdcd52b157c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-17 03:11:45
# local_time=2010-01-17 10:11:45 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3587 16777173 100 94 4360029 11896480 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 25 70 237129 4736859 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1958f821829b054ab4a70cdcd52b157c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-17 03:15:12
# local_time=2010-01-17 10:15:12 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3587 16777173 100 94 4360236 11896687 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 25 70 237336 4737066 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1958f821829b054ab4a70cdcd52b157c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-17 03:15:59
# local_time=2010-01-17 10:15:59 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3587 16777189 100 94 4360283 11896734 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 25 70 237383 4737113 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1958f821829b054ab4a70cdcd52b157c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-17 06:44:50
# local_time=2010-01-17 01:44:50 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3587 16777173 100 94 4360762 11897213 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 25 70 237862 4737592 0 0
# scanned=440247
# found=3
# cleaned=3
# scan_time=12055
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
G:\Backup 10-27-06\Backup\My Download Files\gozilla.exe Win32/Adware.Aureate application (deleted - quarantined) 00000000000000000000000000000000 C
G:\My Downloads\Utilites\unlocker1.8.7.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C


#12 Buckeye_Sam
    Malware Expert

Posted 18 January 2010 - 09:37 AM

Not too bad. How is your computer behaving now?

#13 mboensch
  • Topic Starter

Posted 18 January 2010 - 11:00 AM

Still the same problem with the processes launching. But if I close the IDrivetray, it goes away and comes back if I reopen it. I can try reinstalling it but I am not sure it will resolve the issue.

#14 Buckeye_Sam
    Malware Expert

Posted 18 January 2010 - 06:34 PM

I'm not familiar with IDriveTray, but this doesn't sound related to malware.
Without IDriveTray, how is your computer behaving?

#15 mboensch
  • Topic Starter

Posted 18 January 2010 - 06:38 PM

My computer is running well.

The idrivetray is related to I-Drive, an online backup.