Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

browser redirect on xp


  • This topic is locked This topic is locked
23 replies to this topic

#1 truckyxp

truckyxp

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:minnesota
  • Local time:06:52 PM

Posted 17 February 2010 - 12:20 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/294886/web-browser-redirect-on-xp-home/ ~ OB

Hello,
All browsers on my profile (limited account) are being redirected after google searches.
This is a Windows XP with sp2.

When I ran defrogger I clicked disable but system did not ask to reboot.
I had already run defogger a few days ago.

defogger_disable by jpshortstuff (29.01.10.1)
Log created at 08:14 on 17/02/2010 (rock star!!!!!!!!!!!)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-



DDS (Ver_09-12-01.01) - NTFSx86
Run by rock star!!!!!!!!!!! at 8:32:22.42 on Wed 02/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.153 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\rock star!!!!!!!!!!!\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [Lexmark 5200 series] "c:\program files\lexmark 5200 series\lxbtbmgr.exe"
mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wincin~1.lnk - c:\program files\sandisk\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photag~1.lnk - c:\program files\photags express\Photags AutoDetect.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?09a25232a3cc4dd0ab1d833e4971d942
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?09a25232a3cc4dd0ab1d833e4971d942
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: googe.com\www
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265159937671
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-14 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-14 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-14 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-11 56816]
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [2006-6-4 45568]
R3 PxHelper;PxHelper;c:\windows\system32\drivers\PxHelper.sys [2006-4-28 15776]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

=============== Created Last 30 ================

2010-02-16 22:21:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-16 22:21:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-16 14:06:35 4476 ----a-w- c:\windows\system32\tmp.reg
2010-02-15 03:16:03 0 d-----w- c:\program files\ESET
2010-02-14 17:42:56 0 d-----w- c:\program files\Avira
2010-02-14 17:42:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-02-14 16:40:09 6 ----a-w- c:\windows\msoffice.ini
2010-02-14 01:14:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-14 01:14:25 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-14 01:14:25 0 d-----w- c:\docume~1\rockst~1\applic~1\SUPERAntiSpyware.com
2010-02-14 01:10:05 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-14 00:46:21 0 d-sha-r- C:\autorun.inf
2010-02-13 18:56:33 0 d-----w- c:\program files\Trend Micro
2010-02-13 18:17:05 98816 ----a-w- c:\windows\sed.exe
2010-02-13 18:17:05 77312 ----a-w- c:\windows\MBR.exe
2010-02-13 18:17:05 261632 ----a-w- c:\windows\PEV.exe
2010-02-13 18:17:05 161792 ----a-w- c:\windows\SWREG.exe
2010-02-12 16:56:14 0 d-sh--w- c:\documents and settings\rock star!!!!!!!!!!!\IECompatCache
2010-02-12 01:15:11 0 ----a-w- c:\documents and settings\rock star!!!!!!!!!!!\defogger_reenable
2010-02-11 23:14:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-11 13:11:29 0 d-sh--w- c:\documents and settings\rock star!!!!!!!!!!!\PrivacIE
2010-02-11 13:10:55 0 d-sh--w- c:\documents and settings\rock star!!!!!!!!!!!\IETldCache
2010-02-10 21:28:05 0 dc-h--w- c:\windows\ie8
2010-02-09 15:52:42 0 d-----w- c:\windows\system32\NtmsData
2010-02-08 02:38:22 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-02-07 17:37:16 0 d-----w- c:\docume~1\rockst~1\applic~1\Malwarebytes
2010-02-03 22:33:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 22:33:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 22:33:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-02 21:21:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-02 20:32:39 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-02-02 20:32:24 0 d-----w- c:\program files\Hitman Pro 3.5
2010-02-02 20:32:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-02-02 17:53:47 917504 ----a-w- c:\windows\system32\FLASH.OCX
2010-02-02 15:50:28 119296 --sha-r- c:\windows\system32\cfgbkendy.dll
2010-02-01 02:26:16 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-02-01 02:26:16 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-21 23:28:08 0 d-----w- c:\program files\iPod
2010-01-21 23:27:44 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2009-12-18 16:34:39 0 ----a-w- c:\docume~1\rockst~1\applic~1\wklnhst.dat

============= FINISH: 8:32:50.03 ===============

Attached Files


Edited by Orange Blossom, 17 February 2010 - 07:35 PM.


BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 PM

Posted 19 February 2010 - 09:27 PM

Hello.

Did you run Combofix yourself? If so, please delete your copy and re-download a new copy and follow the instructions below on running it.

Download and Run Combofix

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page on instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 truckyxp

truckyxp
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:minnesota
  • Local time:06:52 PM

Posted 19 February 2010 - 10:53 PM

Hello and thanks for helping.

Yes I did run combofix earlier this month by following same instructions.
I also came up with a "ultimate defender" virus sometime after posting here.
It was causing problems, like changing account logins and time display.
The last reply I got at "am I infeccted and what do I do now" said not to run anything new.
I thought I was loosing the system so I ran the following.
I ran Avira AntiVir Personnel, ATF, SAS, ESET online scan, Goored Fix, and RootRepeal.
As these where the tools we used in "am I infeccted and what do I do now" posts.



ComboFix 10-02-19.03 - admin 02/19/2010 20:53:53.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.187 [GMT -6:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-20 to 2010-02-20 )))))))))))))))))))))))))))))))
.

2010-02-19 22:41 . 2010-02-19 22:41 503808 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3b5000c5-n\msvcp71.dll
2010-02-19 22:41 . 2010-02-19 22:41 499712 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3b5000c5-n\jmc.dll
2010-02-19 22:41 . 2010-02-19 22:41 348160 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3b5000c5-n\msvcr71.dll
2010-02-19 22:41 . 2010-02-19 22:41 61440 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4618c906-n\decora-sse.dll
2010-02-19 22:41 . 2010-02-19 22:41 12800 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4618c906-n\decora-d3d.dll
2010-02-19 00:55 . 2010-02-19 00:55 -------- d-sh--w- c:\documents and settings\admin\IECompatCache
2010-02-19 00:49 . 2010-02-19 00:49 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
2010-02-18 22:22 . 2010-02-18 22:22 -------- d-sh--w- c:\documents and settings\scooby dooby doo!!!!\IECompatCache
2010-02-18 22:21 . 2010-02-18 22:21 -------- d-sh--w- c:\documents and settings\scooby dooby doo!!!!\PrivacIE
2010-02-18 07:29 . 2010-02-18 07:29 -------- d-----w- c:\documents and settings\admin\Application Data\FaxCtr
2010-02-18 07:27 . 2010-02-19 00:55 -------- d-----w- c:\documents and settings\admin
2010-02-17 04:47 . 2010-02-17 04:47 -------- d-----w- c:\documents and settings\rock star!!!!!!!!!!!\Application Data\Motive
2010-02-17 00:35 . 2010-02-17 00:35 -------- d-----w- c:\documents and settings\MOMMIE\Application Data\SUPERAntiSpyware.com
2010-02-16 22:21 . 2010-02-16 22:21 -------- d-----w- c:\program files\Common Files\Java
2010-02-16 22:21 . 2010-02-16 22:21 503808 ----a-w- c:\documents and settings\rock star!!!!!!!!!!!\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-511edc56-n\msvcp71.dll
2010-02-16 22:21 . 2010-02-16 22:21 499712 ----a-w- c:\documents and settings\rock star!!!!!!!!!!!\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-511edc56-n\jmc.dll
2010-02-16 22:21 . 2010-02-16 22:21 348160 ----a-w- c:\documents and settings\rock star!!!!!!!!!!!\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-511edc56-n\msvcr71.dll
2010-02-16 22:21 . 2010-02-16 22:21 61440 ----a-w- c:\documents and settings\rock star!!!!!!!!!!!\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3c3d2129-n\decora-sse.dll
2010-02-16 22:21 . 2010-02-16 22:21 12800 ----a-w- c:\documents and settings\rock star!!!!!!!!!!!\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3c3d2129-n\decora-d3d.dll
2010-02-16 22:21 . 2010-02-16 22:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-15 03:16 . 2010-02-15 03:16 -------- d-----w- c:\program files\ESET
2010-02-14 17:43 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-14 17:43 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-14 17:43 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-14 17:42 . 2010-02-14 17:42 -------- d-----w- c:\program files\Avira
2010-02-14 17:42 . 2010-02-14 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-02-14 01:18 . 2010-02-14 01:18 52224 ----a-w- c:\documents and settings\rock star!!!!!!!!!!!\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-14 01:18 . 2010-02-18 12:55 117760 ----a-w- c:\documents and settings\rock star!!!!!!!!!!!\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-14 01:14 . 2010-02-14 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-14 01:14 . 2010-02-17 00:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-14 01:14 . 2010-02-14 01:14 -------- d-----w- c:\documents and settings\rock star!!!!!!!!!!!\Application Data\SUPERAntiSpyware.com
2010-02-14 01:10 . 2010-02-14 01:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-13 18:56 . 2010-02-13 18:56 -------- d-----w- c:\program files\Trend Micro
2010-02-13 16:18 . 2010-02-13 16:18 -------- d-sh--w- c:\documents and settings\Shawn the COWBOY!!!!\PrivacIE
2010-02-13 02:33 . 2010-02-13 02:33 -------- d-sh--w- c:\documents and settings\HP_Owner\IETldCache
2010-02-13 02:03 . 2010-02-13 02:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-12 16:56 . 2010-02-12 16:56 -------- d-sh--w- c:\documents and settings\rock star!!!!!!!!!!!\IECompatCache
2010-02-12 04:43 . 2010-02-12 04:43 -------- d-sh--w- c:\documents and settings\scooby dooby doo!!!!\IETldCache
2010-02-12 04:41 . 2010-02-12 04:41 -------- d-sh--w- c:\documents and settings\Shawn the COWBOY!!!!\IETldCache
2010-02-11 23:14 . 2010-02-12 16:52 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-11 13:11 . 2010-02-11 13:11 -------- d-sh--w- c:\documents and settings\rock star!!!!!!!!!!!\PrivacIE
2010-02-11 13:10 . 2010-02-11 13:10 -------- d-sh--w- c:\documents and settings\rock star!!!!!!!!!!!\IETldCache
2010-02-11 03:44 . 2010-02-11 03:44 -------- d-sh--w- c:\documents and settings\Guest\IECompatCache
2010-02-11 02:21 . 2010-02-11 02:21 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
2010-02-11 02:21 . 2010-02-11 02:21 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2010-02-10 21:37 . 2010-02-10 21:37 -------- d-sh--w- c:\documents and settings\MOMMIE\IECompatCache
2010-02-10 21:33 . 2010-02-10 21:33 -------- d-sh--w- c:\documents and settings\MOMMIE\PrivacIE
2010-02-10 21:32 . 2010-02-10 21:32 -------- d-sh--w- c:\documents and settings\MOMMIE\IETldCache
2010-02-10 21:28 . 2010-02-10 21:29 -------- dc-h--w- c:\windows\ie8
2010-02-09 15:52 . 2010-02-09 15:53 -------- d-----w- c:\windows\system32\NtmsData
2010-02-08 02:38 . 2010-02-08 02:44 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-02-07 20:49 . 2010-02-07 20:50 -------- d-----w- c:\documents and settings\rock star!!!!!!!!!!!\Local Settings\Application Data\Adobe
2010-02-07 17:37 . 2010-02-07 17:37 -------- d-----w- c:\documents and settings\rock star!!!!!!!!!!!\Application Data\Malwarebytes
2010-02-07 07:28 . 2010-02-07 07:28 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
2010-02-03 22:33 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 22:33 . 2010-02-03 22:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 22:33 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-02 23:26 . 2010-02-02 23:26 -------- d-----w- c:\documents and settings\MOMMIE\Application Data\Malwarebytes
2010-02-02 21:21 . 2010-02-02 21:21 -------- d-----w- c:\documents and settings\scooby dooby doo!!!!\Application Data\Malwarebytes
2010-02-02 21:21 . 2010-02-02 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-02 20:32 . 2010-02-19 00:40 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-02-02 20:32 . 2010-02-13 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-02-02 20:32 . 2010-02-02 20:32 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-02-02 15:50 . 2010-02-02 15:50 119296 --sha-r- c:\windows\system32\cfgbkendy.dll
2010-02-01 02:26 . 2004-08-04 05:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-02-01 02:26 . 2004-08-04 05:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-26 17:44 . 2010-01-26 17:44 -------- d-----w- c:\documents and settings\MOMMIE\Local Settings\Application Data\Yahoo!
2010-01-26 17:28 . 2010-01-26 17:28 -------- d-----w- c:\documents and settings\MOMMIE\Application Data\Yahoo!
2010-01-21 23:28 . 2010-01-21 23:28 -------- d-----w- c:\program files\iPod
2010-01-21 23:27 . 2010-01-21 23:28 -------- d-----w- c:\program files\iTunes
2010-01-21 23:24 . 2010-01-21 23:24 -------- d-----w- c:\program files\QuickTime
2010-01-21 22:35 . 2010-01-21 22:35 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 07:28 . 2005-05-23 03:58 -------- d-----w- c:\program files\Web Publish
2010-02-16 22:20 . 2004-10-22 00:27 -------- d-----w- c:\program files\Java
2010-02-14 17:26 . 2005-01-08 05:48 -------- d-----w- c:\program files\Yahoo!
2010-02-13 23:28 . 2009-06-23 00:56 -------- d-----w- c:\program files\Bonjour
2010-02-08 22:18 . 2005-01-07 21:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-08 22:09 . 2004-10-22 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-27 14:47 . 2006-06-03 20:17 -------- d-----w- c:\program files\Lx_cats
2010-01-21 23:28 . 2009-06-23 00:53 -------- d-----w- c:\program files\Common Files\Apple
2009-12-30 21:02 . 2009-12-30 20:59 -------- d-----w- c:\program files\PhoTags Express
2009-12-30 21:01 . 2004-10-22 01:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-18 16:34 . 2009-12-18 16:34 0 ----a-w- c:\documents and settings\rock star!!!!!!!!!!!\Application Data\wklnhst.dat
2009-12-14 01:34 . 2009-12-14 01:34 127872 ----a-w- c:\documents and settings\scooby dooby doo!!!!\Application Data\Move Networks\uninstall.exe
2009-12-14 01:34 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\scooby dooby doo!!!!\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-12-13 17:57 . 2009-12-13 17:57 127872 ----a-w- c:\documents and settings\MOMMIE\Application Data\Move Networks\uninstall.exe
2009-12-13 17:57 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\MOMMIE\Application Data\Move Networks\plugins\npqmp071503000010.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-13_22.54.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-19 19:53 . 2010-02-19 19:53 16384 c:\windows\temp\Perflib_Perfdata_634.dat
+ 2010-02-14 17:42 . 2009-05-11 15:12 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2004-10-21 23:53 . 2010-02-12 23:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-10-21 23:53 . 2010-02-20 00:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-14 17:46 . 2010-02-20 00:38 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-02-14 01:14 . 2010-02-14 01:14 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-02-14 01:14 . 2010-02-14 01:14 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-02-14 01:14 . 2010-02-14 01:14 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2010-02-16 22:21 . 2010-02-16 22:20 153376 c:\windows\system32\javaws.exe
+ 2010-02-16 22:21 . 2010-02-16 22:20 145184 c:\windows\system32\javaw.exe
+ 2010-02-16 22:21 . 2010-02-16 22:20 145184 c:\windows\system32\java.exe
+ 2010-02-16 22:21 . 2010-02-16 22:21 178176 c:\windows\Installer\5bce8.msi
+ 2010-02-16 22:20 . 2010-02-16 22:20 577536 c:\windows\Installer\5bce2.msi
+ 2010-02-14 01:14 . 2010-02-14 01:14 1583616 c:\windows\Installer\f965e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-10-22 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"SiSPower"="SiSPower.dll" [2004-09-24 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-08 57344]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 57344]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-02-23 61440]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 294912]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-02-18 5609280]

c:\documents and settings\scooby dooby doo!!!!\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-8-3 256000]

c:\documents and settings\Shawn the COWBOY!!!!\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-12-1 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-12-24 303104]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Photags AutoDetect.lnk - c:\program files\PhoTags Express\Photags AutoDetect.exe [2009-12-30 368640]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2121:UDP"= 2121:UDP:Windows Media Format SDK (iexplore.exe)
"2120:UDP"= 2120:UDP:Windows Media Format SDK (iexplore.exe)
"2123:UDP"= 2123:UDP:Windows Media Format SDK (iexplore.exe)
"2127:UDP"= 2127:UDP:Windows Media Format SDK (iexplore.exe)
"2126:UDP"= 2126:UDP:Windows Media Format SDK (iexplore.exe)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/14/2010 11:42 AM 108289]
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [6/4/2006 10:37 AM 45568]
R3 PxHelper;PxHelper;c:\windows\system32\drivers\PxHelper.sys [4/28/2006 5:56 AM 15776]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-10-11 05:25]

2008-03-23 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 15:50]
.
.
------- Supplementary Scan -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 21:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2010-02-19 21:07:03
ComboFix-quarantined-files.txt 2010-02-20 03:07
ComboFix2.txt 2010-02-13 23:01
ComboFix3.txt 2010-02-13 18:38

Pre-Run: 117,981,474,816 bytes free
Post-Run: 118,059,917,312 bytes free

- - End Of File - - 1A9FDB85869478641D77E3FE2DF9AE0C




#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 PM

Posted 20 February 2010 - 02:29 PM

Are the problems/redirects still there? Combofix didn't remove much in terms of files, folders. Perform a Malwarebytes scan followed by a Kaspersky scan. The Kaspersky scan may taek a while though.

Update and Scan with MalwareBytes Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab
  • Select Check for Update and let MBAM download and install any available updates.
  • After the update is complete go to the Scanner tab.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner
    page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 truckyxp

truckyxp
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:minnesota
  • Local time:06:52 PM

Posted 21 February 2010 - 10:29 AM

Hello.
Still have redirect on limited account profile. This is the only profile that I have seen the redirect on.

Had to run kaspersky in safe mode, the first scan just stopped at 80%

Malwarebytes' Anti-Malware 1.44
Database version: 3767
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/20/2010 2:13:22 PM
mbam-log-2010-02-20 (14-13-22).txt

Scan type: Quick Scan
Objects scanned: 197137
Time elapsed: 21 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, February 21, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, February 21, 2010 06:26:49
Records in database: 3603235
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\

Scan statistics:
Objects scanned: 125266
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 03:49:38


File name / Threat / Threats count
C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-2b4f45c-2dba8029.zip Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

Selected area has been scanned.



DDS (Ver_09-12-01.01) - NTFSx86
Run by admin at 9:17:01.40 on Sun 02/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.84 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [Lexmark 5200 series] "c:\program files\lexmark 5200 series\lxbtbmgr.exe"
mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wincin~1.lnk - c:\program files\sandisk\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photag~1.lnk - c:\program files\photags express\Photags AutoDetect.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265159937671
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-14 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-14 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-14 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-11 56816]
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [2006-6-4 45568]
R3 PxHelper;PxHelper;c:\windows\system32\drivers\PxHelper.sys [2006-4-28 15776]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

=============== Created Last 30 ================

2010-02-21 06:02:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-20 19:47:53 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2010-02-19 00:55:58 0 d-sh--w- c:\documents and settings\admin\IECompatCache
2010-02-19 00:49:23 0 d-sh--w- c:\documents and settings\admin\PrivacIE
2010-02-18 07:29:26 0 d-----w- c:\docume~1\admin\applic~1\FaxCtr
2010-02-18 07:28:03 0 d-----w- c:\docume~1\admin\applic~1\Symantec
2010-02-16 22:21:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-16 22:21:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-15 03:16:03 0 d-----w- c:\program files\ESET
2010-02-14 17:42:56 0 d-----w- c:\program files\Avira
2010-02-14 17:42:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-02-14 16:40:09 6 ----a-w- c:\windows\msoffice.ini
2010-02-14 01:14:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-14 01:14:25 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-14 01:10:05 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-14 00:46:21 0 d---a-r- C:\autorun.inf
2010-02-13 18:56:33 0 d-----w- c:\program files\Trend Micro
2010-02-13 18:17:05 98816 ----a-w- c:\windows\sed.exe
2010-02-13 18:17:05 77312 ----a-w- c:\windows\MBR.exe
2010-02-13 18:17:05 261632 ----a-w- c:\windows\PEV.exe
2010-02-13 18:17:05 161792 ----a-w- c:\windows\SWREG.exe
2010-02-11 23:14:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-10 21:28:05 0 dc-h--w- c:\windows\ie8
2010-02-09 15:52:42 0 d-----w- c:\windows\system32\NtmsData
2010-02-08 02:38:22 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-02-03 22:33:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 22:33:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 22:33:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-02 21:21:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-02 20:32:39 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-02-02 20:32:24 0 d-----w- c:\program files\Hitman Pro 3.5
2010-02-02 20:32:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-02-02 17:53:47 917504 ----a-w- c:\windows\system32\FLASH.OCX
2010-02-02 15:50:28 119296 --sha-r- c:\windows\system32\cfgbkendy.dll
2010-02-01 02:26:16 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-02-01 02:26:16 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

==================== Find3M ====================


============= FINISH: 9:17:07.98 ===============

Attached Files



#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 PM

Posted 21 February 2010 - 10:49 AM

Run this on your limited account please....

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 truckyxp

truckyxp
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:minnesota
  • Local time:06:52 PM

Posted 21 February 2010 - 11:17 AM

Hi,

OTL logfile created on: 2/21/2010 10:06:01 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\MOMMIE\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 116.00 Mb Available Physical Memory | 30.00% Memory free
920.00 Mb Paging File | 586.00 Mb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.96 Gb Total Space | 109.94 Gb Free Space | 76.90% Space Free | Partition Type: NTFS
Drive D: | 6.07 Gb Total Space | 0.71 Gb Free Space | 11.66% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-03667082DE
Current User Name: MOMMIE
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/21 10:02:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOMMIE\Desktop\OTL.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/26 17:37:14 | 000,303,104 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
PRC - [2006/04/25 08:32:10 | 000,368,640 | ---- | M] () -- C:\Program Files\PhoTags Express\Photags AutoDetect.exe
PRC - [2005/03/04 11:01:56 | 000,088,209 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/09/07 21:47:52 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2004/06/07 19:42:30 | 000,659,456 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon06.exe
PRC - [2004/05/29 06:31:38 | 000,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/03/04 09:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2004/02/24 11:24:36 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
PRC - [2004/02/24 11:10:59 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
PRC - [2003/12/22 08:38:42 | 000,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2003/12/22 08:38:40 | 000,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2003/02/11 21:02:48 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [1998/05/07 17:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/21 10:02:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOMMIE\Desktop\OTL.exe
MOD - [2006/08/25 09:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-153415850-26434597-3537357269-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-153415850-26434597-3537357269-1011\S-1-5-21-153415850-26434597-3537357269-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2010/02/13 12:32:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Lexmark 5200 series] C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LXBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-153415850-26434597-3537357269-1011..\Run: [MMNQHCFU] C:\WINDOWS\System32\cfgbkendy.DLL ()
O4 - HKU\S-1-5-21-153415850-26434597-3537357269-1011..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\..Trusted Domains: gatecitybank.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1265159937671 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\MOMMIE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MOMMIE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/09 10:19:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/13 18:46:21 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/02/13 18:46:22 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/11/10 19:36:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.MP42 - C:\WINDOWS\System32\MPG4c32.dll ()
Drivers32: vidc.MP43 - C:\WINDOWS\System32\MPG4c32.dll ()
Drivers32: vidc.MPG4 - C:\WINDOWS\System32\MPG4c32.dll ()
Drivers32: VIDC.SP54 - C:\WINDOWS\System32\Sp5x_32.dll (Sunplus)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/21 10:02:36 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MOMMIE\Desktop\OTL.exe
[2010/02/16 18:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMMIE\Application Data\SUPERAntiSpyware.com
[2010/02/16 16:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/16 16:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/16 16:21:17 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/16 16:21:17 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/16 16:21:17 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/16 16:21:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/16 16:21:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/14 21:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/14 13:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/02/14 11:43:02 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/02/14 11:43:02 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/02/14 11:43:01 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/02/14 11:42:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/02/14 11:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/14 11:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/02/13 19:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/13 19:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/13 19:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/13 18:46:21 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2010/02/13 17:01:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/13 12:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/13 12:17:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/13 12:17:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/13 12:17:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/13 12:17:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/13 12:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/13 12:04:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/11 17:14:43 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/10 15:37:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MOMMIE\IECompatCache
[2010/02/10 15:33:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MOMMIE\PrivacIE
[2010/02/10 15:32:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MOMMIE\IETldCache
[2010/02/10 15:28:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/09 09:52:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/07 20:38:22 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/02/03 16:33:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/03 16:33:34 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/03 16:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/02 17:26:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMMIE\Application Data\Malwarebytes
[2010/02/02 15:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/02 14:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/02/02 14:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/02 11:53:47 | 000,917,504 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2010/01/31 20:26:16 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/01/31 20:26:16 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/01/26 11:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMMIE\Local Settings\Application Data\Yahoo!
[2010/01/26 11:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMMIE\Application Data\Yahoo!
[2009/07/13 12:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/06/20 11:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/06/20 10:55:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/01/22 22:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2004/10/21 17:54:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/10/21 17:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/21 10:02:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOMMIE\Desktop\OTL.exe
[2010/02/21 09:58:51 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/02/21 09:37:53 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/21 09:21:57 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\MOMMIE\NTUSER.DAT
[2010/02/21 09:21:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\MOMMIE\ntuser.ini
[2010/02/21 09:15:30 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/02/21 09:02:02 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/21 09:01:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/21 08:57:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/21 08:57:27 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/21 00:02:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/20 23:53:03 | 004,285,336 | -H-- | M] () -- C:\Documents and Settings\MOMMIE\Local Settings\Application Data\IconCache.db
[2010/02/19 21:03:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/16 16:20:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/16 16:20:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/16 16:20:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/16 16:20:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/16 16:20:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/14 11:44:00 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/02/14 10:40:16 | 000,000,717 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/14 10:40:13 | 000,000,006 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010/02/13 12:32:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/12 10:52:23 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/10 15:30:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 09:02:03 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\MOMMIE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 16:17:29 | 000,444,974 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/08 16:17:29 | 000,384,926 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/08 16:17:29 | 000,054,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/08 15:51:18 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/02/07 20:44:07 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/02/07 20:34:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/02/07 20:34:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/02/07 19:37:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/02/07 19:37:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/02/07 18:11:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/02/07 18:11:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/02/07 18:11:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/02/07 18:11:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/02/06 10:49:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/02/06 10:49:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/02/05 17:31:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/02/05 17:31:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/02/04 14:50:36 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/03 20:00:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/02/02 11:53:47 | 000,917,504 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2010/02/02 09:50:28 | 000,119,296 | RHS- | M] () -- C:\WINDOWS\System32\cfgbkendy.dll
[2010/02/01 13:24:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/31 20:34:05 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/01/31 20:28:35 | 000,000,109 | ---- | M] () -- C:\WINDOWS\marscam.ini
[2010/01/31 14:56:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/01/31 14:56:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/01/30 14:37:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/01/30 14:37:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/01/27 08:44:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/01/27 08:44:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/01/24 21:17:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/01/24 21:17:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/01/24 16:03:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/01/24 16:03:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/01/24 15:04:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/01/24 15:04:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/21 09:37:53 | 402,182,144 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/21 00:02:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/14 11:44:00 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/02/14 10:40:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/02/13 12:17:05 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/13 12:17:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/13 12:17:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/13 12:17:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/13 12:17:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/09 09:02:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\MOMMIE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/02 14:32:39 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/02 09:50:28 | 000,119,296 | RHS- | C] () -- C:\WINDOWS\System32\cfgbkendy.dll
[2009/12/30 15:01:04 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2009/03/16 12:01:14 | 000,000,109 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2009/03/16 11:46:53 | 000,000,073 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2008/09/22 13:07:57 | 000,000,227 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/05/09 20:29:09 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/11 19:28:19 | 000,000,123 | ---- | C] () -- C:\WINDOWS\MVPHEART.INI
[2008/01/23 19:51:59 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/12/25 13:13:22 | 000,000,114 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2007/12/24 22:10:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/03/19 11:33:16 | 000,000,368 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/01/14 14:03:53 | 000,000,239 | ---- | C] () -- C:\WINDOWS\MVPBR.INI
[2007/01/14 11:14:33 | 000,000,038 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/01/14 10:52:11 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2007/01/14 10:45:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\MVPSPADE.INI
[2007/01/14 10:26:20 | 000,000,244 | ---- | C] () -- C:\WINDOWS\MVPCRIB.INI
[2006/12/05 18:01:50 | 000,000,231 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/11/26 14:56:21 | 000,000,073 | ---- | C] () -- C:\WINDOWS\PUZZLES.INI
[2006/11/25 12:51:19 | 000,000,902 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/07/13 08:10:25 | 000,000,015 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2006/07/05 19:24:01 | 000,000,351 | ---- | C] () -- C:\WINDOWS\smsafari.ini
[2006/06/04 16:19:50 | 000,001,238 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/06/03 16:29:48 | 000,000,434 | ---- | C] () -- C:\WINDOWS\Operation.ini
[2006/06/03 14:19:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2006/06/03 14:19:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2006/06/03 14:15:33 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lxbtsnls.dll
[2006/06/03 14:15:32 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\lxbtcoin.dll
[2006/06/03 14:15:31 | 000,001,832 | R--- | C] () -- C:\WINDOWS\System32\lxbtprod.ini
[2006/01/18 20:03:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/11/04 11:29:36 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\MOMMIE\Local Settings\Application Data\fusioncache.dat
[2005/08/27 13:19:59 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.HP_Owner.ini
[2005/05/22 21:57:57 | 001,028,096 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2005/05/22 21:57:55 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2005/05/22 21:57:53 | 001,200,128 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2005/05/22 21:57:52 | 001,265,664 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2005/05/22 21:57:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2005/05/22 21:57:50 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2005/05/22 21:57:48 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2005/05/22 21:57:44 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2005/05/22 21:57:41 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2005/05/22 21:57:39 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2005/05/22 21:56:50 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/05/22 21:56:25 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\fplayer.dll
[2005/05/22 21:53:58 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2005/05/22 21:53:54 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2005/03/30 23:01:24 | 000,000,064 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/03/07 20:03:23 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/02/06 17:28:20 | 000,004,005 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/02/05 14:36:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/01/31 07:51:46 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll
[2005/01/17 20:35:54 | 000,012,539 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/12 10:55:50 | 000,010,466 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2005/01/08 13:00:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004/12/09 10:17:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/12/09 10:17:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/12/09 10:17:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/12/09 10:17:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/12/09 10:17:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/12/09 10:17:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/12/09 10:09:41 | 000,190,524 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/12/09 10:09:41 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/10/22 15:35:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/21 20:21:50 | 000,014,529 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/21 20:21:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/21 19:55:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/21 19:05:48 | 000,001,444 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/10/21 18:17:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/21 18:17:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/21 18:15:49 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/21 17:55:39 | 000,000,904 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/21 17:36:39 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/14 00:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 04:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 04:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/02/19 11:31:34 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\lxbthwdf.dll
[2003/06/23 10:06:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbtvs.dll
[2003/04/11 00:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/12 09:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001/10/12 09:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2001/04/02 20:21:52 | 000,413,760 | ---- | C] () -- C:\WINDOWS\System32\MPG4c32.dll
[2000/12/07 09:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini

========== LOP Check ==========

[2010/02/12 20:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2007/05/07 20:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/11/25 12:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2009/10/03 17:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/22 19:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2004/10/21 20:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2008/11/02 08:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\InterVideo
[2004/10/21 20:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\SampleView
[2010/02/21 09:15:30 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2008/03/23 17:40:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/05/05 14:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/06/22 19:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/06/22 18:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/14 11:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2006/06/03 14:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FaxCtr
[2009/01/01 21:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2004/10/21 19:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/02/12 20:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2004/12/09 10:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2006/12/25 10:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/02/02 15:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/18 18:46:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2004/10/21 20:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/05/07 20:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/07/13 08:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2004/10/21 17:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2010/02/16 16:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/13 19:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/08 16:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2006/11/25 12:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2006/06/05 12:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/09/24 15:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/10/03 17:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/22 19:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 14:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
[2010/01/21 16:35:03 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

< %APPDATA%\*. >
[2009/03/27 08:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Adobe
[2009/10/17 11:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Apple Computer
[2006/06/13 19:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\FaxCtr
[2008/09/06 14:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Google
[2004/10/21 17:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Identities
[2008/11/02 08:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\InterVideo
[2005/11/05 17:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Macromedia
[2010/02/02 17:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Malwarebytes
[2010/02/10 14:58:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\MOMMIE\Application Data\Microsoft
[2009/12/13 11:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Move Networks
[2009/11/02 21:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Real
[2004/10/21 20:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\SampleView
[2004/10/21 20:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Sonic
[2004/10/21 18:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Sun
[2010/02/16 18:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\SUPERAntiSpyware.com
[2006/04/29 01:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Symantec
[2010/01/26 11:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2004/10/21 19:06:45 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\MOMMIE\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
[2009/12/13 11:57:16 | 000,127,872 | ---- | M] () -- C:\Documents and Settings\MOMMIE\Application Data\Move Networks\uninstall.exe
[2009/06/16 00:35:42 | 000,097,144 | ---- | M] () -- C:\Documents and Settings\MOMMIE\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe

< %SYSTEMDRIVE%\*.exe >
[2006/08/14 17:08:04 | 000,484,632 | ---- | M] (Microsoft Corporation) -- C:\DXSETUP.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/02/02 09:50:28 | 000,119,296 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\cfgbkendy.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >






OTL Extras logfile created on: 2/21/2010 10:06:01 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\MOMMIE\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 116.00 Mb Available Physical Memory | 30.00% Memory free
920.00 Mb Paging File | 586.00 Mb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.96 Gb Total Space | 109.94 Gb Free Space | 76.90% Space Free | Partition Type: NTFS
Drive D: | 6.07 Gb Total Space | 0.71 Gb Free Space | 11.66% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-03667082DE
Current User Name: MOMMIE
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"2121:UDP" = 2121:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2120:UDP" = 2120:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2123:UDP" = 2123:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2127:UDP" = 2127:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2126:UDP" = 2126:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01596976-D807-41A5-90D0-535C531B4082}" = Rider's World - I Want to Ride
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C1D270-DD63-4E4A-875B-1347C5998E08}" = Rugrats™ All Growed Up
"{094FABA0-4865-11D4-95B6-000103485DB6}" = SimCoaster
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}" = HP Image Zone Plus 4.2.3
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{1707BF02-0F5C-4A6C-8F17-053BB73E443F}" = Tabbed Browsing (Windows Live Toolbar)
"{1D2E2C9C-5661-4383-945D-F6F787329B51}" = Chicken Little
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{38BFF930-86E6-4061-8951-88E506760E78}" = The Fairly OddParents Demo
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3E6955D3-CD0F-4593-9D5A-871FA8E4DC7D}" = Disney Mix Stick
"{3EE9EB18-62AD-4F68-AD11-2DF358CBDCA2}" = RollerCoaster Tycoon
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C04DF1B-6A39-4299-9DD1-1FA60000266E}" = HP Photosmart Cameras 4.0
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{561A9B4E-2E48-4149-B977-59C7AFF62B52}" = HPIZ423
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{725249C3-B94C-4141-8799-0D3BA43D0812}" = CameraDrivers
"{74715EE0-D979-4690-ACF9-9C3693AD36FE}" = Island Xtreme Stunts
"{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{801D8B6D-8B1A-4796-8F3E-E1978BE0B24C}" = SpongeBob SquarePants - Battle for Bikini Bottom DEMO
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{857343AD-9A00-4287-BF8B-F65C9633CA0C}" = MyCam CIF
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}" = Windows Live Toolbar
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}" = Soccer Mania
"{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD
"{B1591C79-1C35-4E09-AA15-F7D6923AFB96}" = HP Deskjet 3840
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B98D958E-9E59-43B7-B47F-043D45D73EE6}" = SpongeBob SquarePants - The Movie
"{B9BD9BF5-F1D1-4904-B348-40D0E9FF0023}" = Scooby-Doo 2 - Monsters Unleashed
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D00353E1-9A80-11D8-A6E6-0000E24CCC1B}" = Digital Camera
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{DB093244-7D79-4384-0081-633D3B2C1244}" = LOTR The Return of the King ™ Demo
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{EAAF6E29-8F61-4730-9256-ACE3540F161A}" = Police Chase
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}" = Form Fill (Windows Live Toolbar)
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"040a_5005" = USB MassStorage CardReader
"3D Frog Frenzy" = 3D Frog Frenzy
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"ATW1G" = JumpStart Around the World - 1st Grade
"ATW2G" = JumpStart Around the World - 2nd Grade
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Best Buy Digital Music Store" = Best Buy Digital Music Store
"Board Games" = Board Games
"Bugs Bunny Lost In Time" = Bugs Bunny Lost In Time
"Card Games for Windows" = Card Games for Windows
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crossword Maker" = Crossword Maker
"DeleteProdRunControl_US" = IBM ViaVoice Command and Control Runtime 5.3
"Disney's Magic Artist Studio" = Disney's Magic Artist Studio
"ESET Online Scanner" = ESET Online Scanner v3
"Fish Tycoon" = Fish Tycoon (remove only)
"GAP School Rules!" = GAP School Rules!
"Help and Support Additions" = Help and Support Additions
"HP Photo & Imaging" = HP Image Zone 4.2.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{74715EE0-D979-4690-ACF9-9C3693AD36FE}" = Island Xtreme Stunts
"InstallShield_{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}" = Soccer Mania
"InterActual Player" = InterActual Player
"Jimmy Neutron vs. Jimmy Negatron DEMO" = Jimmy Neutron vs. Jimmy Negatron DEMO
"JS1G2001" = JumpStart 1st Grade 2001
"JS2G2001" = JumpStart 2nd Grade 2001
"Las Vegas Super Casino Plus" = Las Vegas Super Casino Plus
"Lexmark 5200 Series" = Lexmark 5200 Series
"Little Mermaid II" = Little Mermaid II Return to the Sea
"Magic Ball 2" = Magic Ball 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Man in the Moon" = Man in the Moon
"MathRock" = Schoolhouse Rock: Math Rock
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Monopoly" = Monopoly
"Monopoly Junior" = Monopoly Junior
"mr97310c_79b33283ba293e6c94e125bce27e0ecded0a2591" = Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image 05/02/2006 2.0.1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Amazing Human Body" = My Amazing Human Body
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpDKey" = Operation
"Petz 4" = Petz 4
"PhoTagsExpress" = PhoTags Express
"Pokeringo" = Pokeringo
"Product_Name" = Millennium Gamepak Gold
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealPlayer
"Reel Deal Casino Shuffle Master Edition_is1" = Reel Deal Casino Shuffle Master Edition
"Scholastic's I SPY School Days" = Scholastic's I SPY School Days
"Sesame Street Elmo's Preschool" = Sesame Street Elmo's Preschool
"SimSafariUninstall" = SimSafari
"SimTown95v1" = SimTown
"SiS VGA Driver" = SiS VGA Utilities
"Slingo" = Slingo
"Slots 100" = Slots 100
"SpongeBob SquarePants" = SpongeBob SquarePants® Operation Krabby Patty
"The Game Of Life" = The Game Of Life
"Theme Park World" = SimTheme Park
"Top 30 Games 4 Kids" = Top 30 Games 4 Kids
"Ultimate Ride Kelloggs Preview" = Ultimate Ride Preview Kelloggs
"UnityWebPlayer" = Unity Web Player
"VV_Outloud_En_US" = IBM ViaVoice Outloud Runtime - US English
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-153415850-26434597-3537357269-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >


#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 PM

Posted 22 February 2010 - 08:01 PM

Hello.

Do the following...

Run Script with OTL
  1. Please reopen on your desktop.If you are using Vista, please right-click and select run as administrator
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    O4 - HKU\S-1-5-21-153415850-26434597-3537357269-1011..\Run: [MMNQHCFU] C:\WINDOWS\System32\cfgbkendy.DLL ()
    :Files
    C:\WINDOWS\system32\cfgbkendy.dll
    :commands
    [CREATERESTOREPOINT]
    [resethosts]
    [emptytemp]
    [Reboot]
  3. Push
  4. OTLI2 may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.
Note:If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will in the following format: xxxxxxxx_xxxxxx. x representing the month, date, year and time the log was created. Eg: 03062009_170403

After the reboot, are redirects still there?
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 truckyxp

truckyxp
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:minnesota
  • Local time:06:52 PM

Posted 23 February 2010 - 09:23 AM

The redirects are gone.
WOW!!!

#10 truckyxp

truckyxp
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:minnesota
  • Local time:06:52 PM

Posted 23 February 2010 - 11:50 AM

redirects are gone.



All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-153415850-26434597-3537357269-1011\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\System32\cfgbkendy.DLL not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\cfgbkendy.dll not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (64424509440)
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: admin
->Temp folder emptied: 195576 bytes
->Temporary Internet Files folder emptied: 8160983 bytes
->Java cache emptied: 128123 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: BREAK DA RULES!!!!!
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Gracie!!!!!!!!!!!!!!

User: Guest
->Temp folder emptied: 208391 bytes
->Temporary Internet Files folder emptied: 85993 bytes
->Java cache emptied: 3659422 bytes

User: HP_Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: MOMMIE
->Temp folder emptied: 1257 bytes
->Temporary Internet Files folder emptied: 1235303 bytes
->Java cache emptied: 115284 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: rock star!!!!!!!!!!!
->Temp folder emptied: 3204 bytes
->Temporary Internet Files folder emptied: 327974 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 2807448 bytes

User: scooby dooby doo!!!!
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 15433959 bytes
->Java cache emptied: 124011 bytes
->Apple Safari cache emptied: 43907935 bytes

User: Shawn the COWBOY!!!!
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 18440756 bytes

%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 416 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 81765 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 93.00 mb


OTL by OldTimer - Version 3.1.30.1 log created on 02222010_210845

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 PM

Posted 23 February 2010 - 08:03 PM

You're welcome. smile.gif

Let's see one last OTL run to confirm everything is clean and we can wrap up next post. smile.gif
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 truckyxp

truckyxp
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:minnesota
  • Local time:06:52 PM

Posted 23 February 2010 - 11:58 PM

Thanks extremeboy, you and your crew do good work here.


OTL logfile created on: 2/23/2010 10:38:26 PM - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\MOMMIE\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 181.00 Mb Available Physical Memory | 47.00% Memory free
920.00 Mb Paging File | 653.00 Mb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.96 Gb Total Space | 109.91 Gb Free Space | 76.88% Space Free | Partition Type: NTFS
Drive D: | 6.07 Gb Total Space | 0.71 Gb Free Space | 11.66% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-03667082DE
Current User Name: MOMMIE
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/21 10:02:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOMMIE\Desktop\OTL.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/26 17:37:14 | 000,303,104 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
PRC - [2006/04/25 08:32:10 | 000,368,640 | ---- | M] () -- C:\Program Files\PhoTags Express\Photags AutoDetect.exe
PRC - [2005/03/04 11:01:56 | 000,088,209 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/09/07 21:47:52 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2004/06/07 19:42:30 | 000,659,456 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon06.exe
PRC - [2004/05/29 06:31:38 | 000,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/03/04 09:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2004/02/24 11:24:36 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
PRC - [2004/02/24 11:10:59 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
PRC - [2003/12/22 08:38:42 | 000,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2003/12/22 08:38:40 | 000,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2003/02/11 21:02:48 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [1998/05/07 17:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/21 10:02:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOMMIE\Desktop\OTL.exe
MOD - [2006/08/25 09:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-153415850-26434597-3537357269-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-153415850-26434597-3537357269-1011\S-1-5-21-153415850-26434597-3537357269-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/02/22 21:09:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Lexmark 5200 series] C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LXBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-153415850-26434597-3537357269-1011..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\..Trusted Domains: gatecitybank.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-153415850-26434597-3537357269-1011\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1265159937671 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\MOMMIE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MOMMIE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/09 10:19:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/13 18:46:21 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/02/13 18:46:22 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/11/10 19:36:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.MP42 - C:\WINDOWS\System32\MPG4c32.dll ()
Drivers32: vidc.MP43 - C:\WINDOWS\System32\MPG4c32.dll ()
Drivers32: vidc.MPG4 - C:\WINDOWS\System32\MPG4c32.dll ()
Drivers32: VIDC.SP54 - C:\WINDOWS\System32\Sp5x_32.dll (Sunplus)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/22 21:01:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/21 10:02:36 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MOMMIE\Desktop\OTL.exe
[2010/02/16 18:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMMIE\Application Data\SUPERAntiSpyware.com
[2010/02/16 16:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/16 16:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/16 16:21:17 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/16 16:21:17 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/16 16:21:17 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/16 16:21:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/16 16:21:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/14 21:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/14 13:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/02/14 11:43:02 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/02/14 11:43:02 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/02/14 11:43:01 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/02/14 11:42:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/02/14 11:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/14 11:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/02/13 19:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/13 19:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/13 19:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/13 18:46:21 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2010/02/13 17:01:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/13 12:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/13 12:17:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/13 12:17:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/13 12:17:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/13 12:17:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/13 12:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/13 12:04:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/11 17:14:43 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/10 15:37:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MOMMIE\IECompatCache
[2010/02/10 15:33:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MOMMIE\PrivacIE
[2010/02/10 15:32:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MOMMIE\IETldCache
[2010/02/10 15:28:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/09 09:52:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/07 20:38:22 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/02/03 16:33:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/03 16:33:34 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/03 16:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/02 17:26:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMMIE\Application Data\Malwarebytes
[2010/02/02 15:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/02 14:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/02/02 14:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/02 11:53:47 | 000,917,504 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2010/01/31 20:26:16 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/01/31 20:26:16 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/01/26 11:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMMIE\Local Settings\Application Data\Yahoo!
[2010/01/26 11:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMMIE\Application Data\Yahoo!
[2009/07/13 12:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/06/20 11:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/06/20 10:55:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/01/22 22:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2004/10/21 17:54:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/10/21 17:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/02/23 22:21:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/23 22:21:42 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/23 22:21:41 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/23 22:20:19 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/02/23 22:15:31 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/02/23 20:12:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/23 11:34:08 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\MOMMIE\NTUSER.DAT
[2010/02/23 10:41:29 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/23 10:39:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\MOMMIE\ntuser.ini
[2010/02/22 21:09:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/02/21 10:02:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOMMIE\Desktop\OTL.exe
[2010/02/21 00:02:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/20 23:53:03 | 004,285,336 | -H-- | M] () -- C:\Documents and Settings\MOMMIE\Local Settings\Application Data\IconCache.db
[2010/02/19 21:03:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/16 16:20:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/16 16:20:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/16 16:20:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/16 16:20:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/16 16:20:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/14 11:44:00 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/02/14 10:40:16 | 000,000,717 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/14 10:40:13 | 000,000,006 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010/02/12 10:52:23 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/10 15:30:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 09:02:03 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\MOMMIE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 16:17:29 | 000,444,974 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/08 16:17:29 | 000,384,926 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/08 16:17:29 | 000,054,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/08 15:51:18 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/02/07 20:44:07 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/02/07 20:34:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/02/07 20:34:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/02/07 19:37:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/02/07 19:37:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/02/07 18:11:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/02/07 18:11:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/02/07 18:11:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/02/07 18:11:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/02/06 10:49:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/02/06 10:49:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/02/05 17:31:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/02/05 17:31:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/02/04 14:50:36 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/03 20:00:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/02/02 11:53:47 | 000,917,504 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2010/02/01 13:24:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/31 20:34:05 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/01/31 20:28:35 | 000,000,109 | ---- | M] () -- C:\WINDOWS\marscam.ini
[2010/01/31 14:56:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/01/31 14:56:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/01/30 14:37:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/01/30 14:37:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/01/27 08:44:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/01/27 08:44:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

========== Files Created - No Company Name ==========

[2010/02/23 12:44:41 | 402,182,144 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/21 00:02:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/14 11:44:00 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/02/14 10:40:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/02/13 12:17:05 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/13 12:17:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/13 12:17:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/13 12:17:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/13 12:17:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/09 09:02:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\MOMMIE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/02 14:32:39 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009/12/30 15:01:04 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2009/03/16 12:01:14 | 000,000,109 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2009/03/16 11:46:53 | 000,000,073 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2008/09/22 13:07:57 | 000,000,227 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/05/09 20:29:09 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/11 19:28:19 | 000,000,123 | ---- | C] () -- C:\WINDOWS\MVPHEART.INI
[2008/01/23 19:51:59 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/12/25 13:13:22 | 000,000,114 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2007/12/24 22:10:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/03/19 11:33:16 | 000,000,368 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/01/14 14:03:53 | 000,000,239 | ---- | C] () -- C:\WINDOWS\MVPBR.INI
[2007/01/14 11:14:33 | 000,000,038 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/01/14 10:52:11 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2007/01/14 10:45:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\MVPSPADE.INI
[2007/01/14 10:26:20 | 000,000,244 | ---- | C] () -- C:\WINDOWS\MVPCRIB.INI
[2006/12/05 18:01:50 | 000,000,231 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/11/26 14:56:21 | 000,000,073 | ---- | C] () -- C:\WINDOWS\PUZZLES.INI
[2006/11/25 12:51:19 | 000,000,902 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/07/13 08:10:25 | 000,000,015 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2006/07/05 19:24:01 | 000,000,351 | ---- | C] () -- C:\WINDOWS\smsafari.ini
[2006/06/04 16:19:50 | 000,001,238 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/06/03 16:29:48 | 000,000,434 | ---- | C] () -- C:\WINDOWS\Operation.ini
[2006/06/03 14:19:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2006/06/03 14:19:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2006/06/03 14:15:33 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lxbtsnls.dll
[2006/06/03 14:15:32 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\lxbtcoin.dll
[2006/06/03 14:15:31 | 000,001,832 | R--- | C] () -- C:\WINDOWS\System32\lxbtprod.ini
[2006/01/18 20:03:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/11/04 11:29:36 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\MOMMIE\Local Settings\Application Data\fusioncache.dat
[2005/08/27 13:19:59 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.HP_Owner.ini
[2005/05/22 21:57:57 | 001,028,096 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2005/05/22 21:57:55 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2005/05/22 21:57:53 | 001,200,128 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2005/05/22 21:57:52 | 001,265,664 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2005/05/22 21:57:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2005/05/22 21:57:50 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2005/05/22 21:57:48 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2005/05/22 21:57:44 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2005/05/22 21:57:41 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2005/05/22 21:57:39 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2005/05/22 21:56:50 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/05/22 21:56:25 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\fplayer.dll
[2005/05/22 21:53:58 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2005/05/22 21:53:54 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2005/03/30 23:01:24 | 000,000,064 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/03/07 20:03:23 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/02/06 17:28:20 | 000,004,005 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/02/05 14:36:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/01/31 07:51:46 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll
[2005/01/17 20:35:54 | 000,012,539 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/12 10:55:50 | 000,010,466 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2005/01/08 13:00:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004/12/09 10:17:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/12/09 10:17:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/12/09 10:17:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/12/09 10:17:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/12/09 10:17:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/12/09 10:17:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/12/09 10:09:41 | 000,190,524 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/12/09 10:09:41 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/10/22 15:35:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/21 20:21:50 | 000,014,529 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/21 20:21:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/21 19:55:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/21 19:05:48 | 000,001,444 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/10/21 18:17:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/21 18:17:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/21 18:15:49 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/21 17:55:39 | 000,000,904 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/21 17:36:39 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/14 00:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 04:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 04:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/02/19 11:31:34 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\lxbthwdf.dll
[2003/06/23 10:06:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbtvs.dll
[2003/04/11 00:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/12 09:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001/10/12 09:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2001/04/02 20:21:52 | 000,413,760 | ---- | C] () -- C:\WINDOWS\System32\MPG4c32.dll
[2000/12/07 09:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini

========== LOP Check ==========

[2010/02/12 20:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2007/05/07 20:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/11/25 12:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2009/10/03 17:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/22 19:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2004/10/21 20:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2008/11/02 08:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\InterVideo
[2004/10/21 20:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\SampleView
[2010/02/23 22:15:31 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2008/03/23 17:40:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/05/05 14:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/06/22 19:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/06/22 18:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/14 11:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2006/06/03 14:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FaxCtr
[2009/01/01 21:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2004/10/21 19:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/02/12 20:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2004/12/09 10:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2006/12/25 10:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/02/02 15:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/18 18:46:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2004/10/21 20:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/05/07 20:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/07/13 08:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2004/10/21 17:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2010/02/16 16:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/13 19:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/08 16:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2006/11/25 12:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2006/06/05 12:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/09/24 15:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/10/03 17:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/22 19:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 14:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
[2010/01/21 16:35:03 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

< %APPDATA%\*. >
[2009/03/27 08:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Adobe
[2009/10/17 11:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Apple Computer
[2006/06/13 19:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\FaxCtr
[2008/09/06 14:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Google
[2004/10/21 17:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Identities
[2008/11/02 08:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\InterVideo
[2005/11/05 17:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Macromedia
[2010/02/02 17:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Malwarebytes
[2010/02/10 14:58:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\MOMMIE\Application Data\Microsoft
[2009/12/13 11:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Move Networks
[2009/11/02 21:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Real
[2004/10/21 20:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\SampleView
[2004/10/21 20:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Sonic
[2004/10/21 18:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Sun
[2010/02/16 18:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\SUPERAntiSpyware.com
[2006/04/29 01:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Symantec
[2010/01/26 11:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMMIE\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2004/10/21 19:06:45 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\MOMMIE\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
[2009/12/13 11:57:16 | 000,127,872 | ---- | M] () -- C:\Documents and Settings\MOMMIE\Application Data\Move Networks\uninstall.exe
[2009/06/16 00:35:42 | 000,097,144 | ---- | M] () -- C:\Documents and Settings\MOMMIE\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe

< %SYSTEMDRIVE%\*.exe >
[2006/08/14 17:08:04 | 000,484,632 | ---- | M] (Microsoft Corporation) -- C:\DXSETUP.exe


< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< End of report >



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



OTL Extras logfile created on: 2/23/2010 10:38:26 PM - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\MOMMIE\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 181.00 Mb Available Physical Memory | 47.00% Memory free
920.00 Mb Paging File | 653.00 Mb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.96 Gb Total Space | 109.91 Gb Free Space | 76.88% Space Free | Partition Type: NTFS
Drive D: | 6.07 Gb Total Space | 0.71 Gb Free Space | 11.66% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-03667082DE
Current User Name: MOMMIE
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"2121:UDP" = 2121:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2120:UDP" = 2120:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2123:UDP" = 2123:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2127:UDP" = 2127:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2126:UDP" = 2126:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01596976-D807-41A5-90D0-535C531B4082}" = Rider's World - I Want to Ride
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C1D270-DD63-4E4A-875B-1347C5998E08}" = Rugrats™ All Growed Up
"{094FABA0-4865-11D4-95B6-000103485DB6}" = SimCoaster
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}" = HP Image Zone Plus 4.2.3
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{1707BF02-0F5C-4A6C-8F17-053BB73E443F}" = Tabbed Browsing (Windows Live Toolbar)
"{1D2E2C9C-5661-4383-945D-F6F787329B51}" = Chicken Little
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{38BFF930-86E6-4061-8951-88E506760E78}" = The Fairly OddParents Demo
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3E6955D3-CD0F-4593-9D5A-871FA8E4DC7D}" = Disney Mix Stick
"{3EE9EB18-62AD-4F68-AD11-2DF358CBDCA2}" = RollerCoaster Tycoon
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C04DF1B-6A39-4299-9DD1-1FA60000266E}" = HP Photosmart Cameras 4.0
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{561A9B4E-2E48-4149-B977-59C7AFF62B52}" = HPIZ423
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{725249C3-B94C-4141-8799-0D3BA43D0812}" = CameraDrivers
"{74715EE0-D979-4690-ACF9-9C3693AD36FE}" = Island Xtreme Stunts
"{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{801D8B6D-8B1A-4796-8F3E-E1978BE0B24C}" = SpongeBob SquarePants - Battle for Bikini Bottom DEMO
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{857343AD-9A00-4287-BF8B-F65C9633CA0C}" = MyCam CIF
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}" = Windows Live Toolbar
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}" = Soccer Mania
"{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD
"{B1591C79-1C35-4E09-AA15-F7D6923AFB96}" = HP Deskjet 3840
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B98D958E-9E59-43B7-B47F-043D45D73EE6}" = SpongeBob SquarePants - The Movie
"{B9BD9BF5-F1D1-4904-B348-40D0E9FF0023}" = Scooby-Doo 2 - Monsters Unleashed
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D00353E1-9A80-11D8-A6E6-0000E24CCC1B}" = Digital Camera
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{DB093244-7D79-4384-0081-633D3B2C1244}" = LOTR The Return of the King ™ Demo
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{EAAF6E29-8F61-4730-9256-ACE3540F161A}" = Police Chase
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}" = Form Fill (Windows Live Toolbar)
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"040a_5005" = USB MassStorage CardReader
"3D Frog Frenzy" = 3D Frog Frenzy
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"ATW1G" = JumpStart Around the World - 1st Grade
"ATW2G" = JumpStart Around the World - 2nd Grade
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Best Buy Digital Music Store" = Best Buy Digital Music Store
"Board Games" = Board Games
"Bugs Bunny Lost In Time" = Bugs Bunny Lost In Time
"Card Games for Windows" = Card Games for Windows
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crossword Maker" = Crossword Maker
"DeleteProdRunControl_US" = IBM ViaVoice Command and Control Runtime 5.3
"Disney's Magic Artist Studio" = Disney's Magic Artist Studio
"ESET Online Scanner" = ESET Online Scanner v3
"Fish Tycoon" = Fish Tycoon (remove only)
"GAP School Rules!" = GAP School Rules!
"Help and Support Additions" = Help and Support Additions
"HP Photo & Imaging" = HP Image Zone 4.2.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{74715EE0-D979-4690-ACF9-9C3693AD36FE}" = Island Xtreme Stunts
"InstallShield_{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}" = Soccer Mania
"InterActual Player" = InterActual Player
"Jimmy Neutron vs. Jimmy Negatron DEMO" = Jimmy Neutron vs. Jimmy Negatron DEMO
"JS1G2001" = JumpStart 1st Grade 2001
"JS2G2001" = JumpStart 2nd Grade 2001
"Las Vegas Super Casino Plus" = Las Vegas Super Casino Plus
"Lexmark 5200 Series" = Lexmark 5200 Series
"Little Mermaid II" = Little Mermaid II Return to the Sea
"Magic Ball 2" = Magic Ball 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Man in the Moon" = Man in the Moon
"MathRock" = Schoolhouse Rock: Math Rock
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Monopoly" = Monopoly
"Monopoly Junior" = Monopoly Junior
"mr97310c_79b33283ba293e6c94e125bce27e0ecded0a2591" = Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image 05/02/2006 2.0.1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Amazing Human Body" = My Amazing Human Body
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpDKey" = Operation
"Petz 4" = Petz 4
"PhoTagsExpress" = PhoTags Express
"Pokeringo" = Pokeringo
"Product_Name" = Millennium Gamepak Gold
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealPlayer
"Reel Deal Casino Shuffle Master Edition_is1" = Reel Deal Casino Shuffle Master Edition
"Scholastic's I SPY School Days" = Scholastic's I SPY School Days
"Sesame Street Elmo's Preschool" = Sesame Street Elmo's Preschool
"SimSafariUninstall" = SimSafari
"SimTown95v1" = SimTown
"SiS VGA Driver" = SiS VGA Utilities
"Slingo" = Slingo
"Slots 100" = Slots 100
"SpongeBob SquarePants" = SpongeBob SquarePants® Operation Krabby Patty
"The Game Of Life" = The Game Of Life
"Theme Park World" = SimTheme Park
"Top 30 Games 4 Kids" = Top 30 Games 4 Kids
"Ultimate Ride Kelloggs Preview" = Ultimate Ride Preview Kelloggs
"UnityWebPlayer" = Unity Web Player
"VV_Outloud_En_US" = IBM ViaVoice Outloud Runtime - US English
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-153415850-26434597-3537357269-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >



#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 PM

Posted 24 February 2010 - 05:25 PM

Yup, that looks good. smile.gif Glad I could help out.

Let's cleanup then.

Please follow/read the steps below to remove the tools we used and for some more information. smile.gif


Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything assoicated with it.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

System A bit Slow? Try StartupLight

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.


Congratulations! You now appear clean! specool.gif

Now that you are clean, please follow and read some of the prevention tips below.

Preventing Infections in the Future


Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:

Some of the main things you should consider to perform/read are:
  • Disabling Autorun/Play on Flash-Drive/Removable Drives
  • Avoid gaming sites, underground web pages, pirated software sites, and Peer to Peer Programs
  • Keep Windows Updated through going to Windows Updates
  • Updating Non-Microsoft Programs
  • Keeping Security softwares updated

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help and thank you for choosing Bleeping Computer as you malware removal source.
Don't forget to tell your friends about us and Good luck thumbup2.gif


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks smile.gif

With Regards,
Extremeboy


Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 truckyxp

truckyxp
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:minnesota
  • Local time:06:52 PM

Posted 25 February 2010 - 12:50 AM

Hello extremeboy,
I cleaned up, following everything you posted.
But I'm unable to use Windows Updates.
I get an error "[Error number: 0x800A0005]"
"The website has encountered a problem and cannot display the page you are trying to view."


What would you suggest I do?

thanks truckyxp






#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 PM

Posted 26 February 2010 - 05:22 PM

Can you try running this tool:

Download and Run Dial-a-Fix

This program fixes many common problems in Windows.
  1. Please download Dial-A-Fix from one of the following mirrors:
  2. Extract the zip file to your desktop.
  3. Double click Dial-a-Fix.exe to start the program.
  4. Press the green double checkmark box (Looks like this: )
  5. UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
  6. When the window looks like this, press the GO button in the bottom of the window.
  7. Exit/Close Dial-A-Fix

Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are recieving help.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Then, reboot your computer and see if it works. If not, I suggest posting a topic in the Windows XP forum regarding that Windows Updates error.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users