
Google redirected to http://searchingandclick37.com


  • This topic is locked
9 replies to this topic

#1 gatorwib1


  • Members
  • 5 posts
  • Gender:Male

Posted 03 July 2010 - 02:41 PM

Hi.

I’m still using XP Home 2002, Service Pack 3, and when I use Google to search for something, I’m seeing a few things:
1. auto-complete is not on when I type something in the search window;
2. it takes a few extra seconds to get to the results screen;
3. when I click on any of the results, I get sent to one of several advertising sites.

The address that shows up briefly each time is hxxp://searchingandclick37.com, but then I get redirected to various ad sites.

I’ve tried Spybot, Malwarebytes’ Anti-Malware, IObit, and Microsoft Security Essentials (all updated), and all of the scans are coming out clean.

When I used System Restore to go back a few weeks before the problem began, it showed up then as well.

Having read some similar threads, I’ve attached the log data from HijackThis as well as DDS and GMER data.

Any help would be great—thanks!

HijackThis log follows:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:33:35 PM, on 7/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Streamload\EMBARQ Media Safe\StreamloadService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\WINDOWS\System32\wudfhost.exe
D:\Documents and Settings\Owner\My Documents\My Software\Highjack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14501&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 89.149.193.137 www.google.com
O1 - Hosts: 89.149.193.137 us.search.yahoo.com
O1 - Hosts: 89.149.193.137 uk.search.yahoo.com
O1 - Hosts: 89.149.193.137 search.yahoo.com
O1 - Hosts: 89.149.193.137 www.google.com.br
O1 - Hosts: 89.149.193.137 www.google.it
O1 - Hosts: 89.149.193.137 www.google.es
O1 - Hosts: 89.149.193.137 www.google.co.jp
O1 - Hosts: 89.149.193.137 www.google.com.mx
O1 - Hosts: 89.149.193.137 www.google.ca
O1 - Hosts: 89.149.193.137 www.google.com.au
O1 - Hosts: 89.149.193.137 www.google.nl
O1 - Hosts: 89.149.193.137 www.google.co.za
O1 - Hosts: 89.149.193.137 www.google.be
O1 - Hosts: 89.149.193.137 www.google.gr
O1 - Hosts: 89.149.193.137 www.google.at
O1 - Hosts: 89.149.193.137 www.google.se
O1 - Hosts: 89.149.193.137 www.google.ch
O1 - Hosts: 89.149.193.137 www.google.pt
O1 - Hosts: 89.149.193.137 www.google.dk
O1 - Hosts: 89.149.193.137 www.google.fi
O1 - Hosts: 89.149.193.137 www.google.ie
O1 - Hosts: 89.149.193.137 www.google.no
O1 - Hosts: 89.149.193.137 www.google.de
O1 - Hosts: 89.149.193.137 www.google.fr
O1 - Hosts: 89.149.193.137 www.google.co.uk
O1 - Hosts: 89.149.193.137 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: FlashCatchBHO Class - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files\FlashCatch\flashcatch.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: FlashCatch - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in default RSS reader - C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\RssBandit\iecontext_subscribefeed.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://www.facebook.com/fbplugin/win32/axf...b?1265758891304
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163827991812
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Filter hijack: text/html - {dee88b0f-22e9-490b-80a7-c6fd7114a263} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity_BackUp - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\EMBARQ Media Safe\StreamloadService.exe

--
End of file - 12268 bytes



DDS Text follows:

DDS (Ver_10-03-17.01) - NTFSx86
Run by The Steelnacks at 14:08:19.00 on Sat 07/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.438 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MiniMind\MiniMind.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Streamload\EMBARQ Media Safe\StreamloadService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=14501&l=dis
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: FlashCatchBHO Class: {88618a96-6d8a-42e7-b932-9073d5b2080f} - c:\program files\flashcatch\flashcatch.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: FlashCatch: {10cecf4f-a96e-4803-8ac2-f565fb29ff47} - c:\program files\flashcatch\flashcatch.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Encarta &Researcher: {9455301c-cf6b-11d3-a266-00c04f689c50} - c:\program files\common files\microsoft shared\reference 2001\EROProj.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [SansaDispatch] c:\documents and settings\the steelnacks.steelnack.000\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AROReminder] c:\program files\advanced registry optimizer\aro.exe -rem
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
mRun: [Motive SmartBridge] c:\progra~1\virtua~1\smartb~1\SprintDSLAlert.exe
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~1\mimboot.exe
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\theste~1.000\startm~1\programs\startup\minimi~1.lnk - c:\program files\minimind\MiniMind.exe
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Subscribe in default RSS reader - c:\documents and settings\the steelnacks.steelnack.000\application data\rssbandit\iecontext_subscribefeed.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\program files\common files\microsoft shared\reference 2001\EROProj.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\securenet.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265758891304
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163827991812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\reference 2001\msero.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\silokefe.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 89.149.193.137 www.google.com
Hosts: 89.149.193.137 us.search.yahoo.com
Hosts: 89.149.193.137 uk.search.yahoo.com
Hosts: 89.149.193.137 search.yahoo.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 GEARSecurity_BackUp;GEARSecurity_BackUp;system32\gearsec.exe --> system32\gearsec.exe [?]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-7-2 312152]
R3 MSTACKJ;MusicStacker VSDJ;c:\windows\system32\drivers\vadsimple10.sys [2007-11-12 19456]
S1 awjvtaye;awjvtaye;\??\c:\windows\system32\drivers\awjvtaye.sys --> c:\windows\system32\drivers\awjvtaye.sys [?]
S2 agentcd;DriverAgent Class Driver;\??\c:\windows\system32\agentcd.sys --> c:\windows\system32\AgentCD.sys [?]
S2 Mojave;Dazzle Mojave Device;c:\windows\system32\drivers\Mojave.sys [2007-6-9 120352]
S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [2004-10-11 91520]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccpwdsvc.exe" --> c:\program files\common files\symantec shared\ccPwdSvc.exe [?]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\theste~1.000\locals~1\temp\ewdmaudn.sys --> c:\docume~1\theste~1.000\locals~1\temp\ewdmaudn.sys [?]
S3 GearAspiWDM_BackUp;GEARAspiWDM;c:\windows\system32\drivers\GEARAspiWDM.sys [2005-4-11 15464]
S3 iTurns;iTurns;c:\windows\system32\drivers\iTurnsDriver.sys [2008-11-28 10704]
S3 NUVision;Pinnacle Fusion Video;c:\windows\system32\drivers\nuvvid2.sys [2008-3-30 155264]
S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [2005-6-25 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\saiuFF0C.sys [2005-6-25 19584]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-7-6 16640]

=============== Created Last 30 ================

2010-07-03 04:15:11 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-03 04:14:25 0 d-----w- c:\docume~1\alluse~1.win\applic~1\IObit
2010-07-03 04:14:23 0 d-----w- c:\program files\Trend Micro
2010-07-03 04:13:31 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-07-03 03:29:45 0 d-----w- c:\program files\Registry Cleaner
2010-07-03 03:25:41 0 d-----w- c:\docume~1\theste~1.000\applic~1\Sammsoft
2010-07-03 03:24:59 0 d-----w- c:\program files\Advanced Registry Optimizer
2010-07-02 17:34:37 0 d-----w- c:\program files\IObit
2010-06-26 01:57:11 0 d-----w- c:\program files\EZ Label Xpress
2010-06-10 03:31:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2004-09-26 19:27:31 542 -c--a-w- c:\program files\EarthLink TotalAccessactions.met
2003-07-28 10:16:52 36864 ----a-w- c:\windows\inf\i386\Vizmicro.dll
2003-07-28 10:16:26 172032 ----a-w- c:\windows\inf\i386\viceo.dll
2003-07-28 10:01:10 36207 -c--a-w- c:\windows\inf\i386\9320FW.bin
2003-07-28 10:01:10 274432 ----a-w- c:\windows\inf\i386\9320LLD.dll
2003-07-28 10:01:10 155648 ----a-w- c:\windows\inf\i386\rtscan.dll
2001-08-03 22:29:18 13824 ----a-w- c:\windows\inf\i386\Usbscan.sys
2009-04-24 09:59:52 2098 --sh--w- c:\windows\system32\luravufa.exe

============= FINISH: 14:10:08.93 ===============


GMER data follows:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-03 14:46:51
Windows 5.1.2600 Service Pack 3
Running: ou1q7gwn.exe; Driver: C:\DOCUME~1\THESTE~1.000\LOCALS~1\Temp\pxroipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF66AC340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x25BA81, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\dvd43\dvd43_tray.exe[128] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\dvd43\dvd43_tray.exe[128] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\dvd43\dvd43_tray.exe[128] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\dvd43\dvd43_tray.exe[128] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\dvd43\dvd43_tray.exe[128] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F90001
.text C:\Program Files\dvd43\dvd43_tray.exe[128] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\dvd43\dvd43_tray.exe[128] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\dvd43\dvd43_tray.exe[128] advapi32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\dvd43\dvd43_tray.exe[128] advapi32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\dvd43\dvd43_tray.exe[128] advapi32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\dvd43\dvd43_tray.exe[128] advapi32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\dvd43\dvd43_tray.exe[128] advapi32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[148] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[148] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[148] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[148] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[148] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[148] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[148] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[148] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[148] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[148] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[148] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[148] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[208] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[208] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[208] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[208] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01140001
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[208] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[208] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[208] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[208] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[208] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[208] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[208] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[216] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[216] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[216] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[216] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[216] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D60001
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[216] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[216] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[216] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[216] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[216] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[216] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[216] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[240] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[240] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[240] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[240] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[240] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[240] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[240] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[240] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[240] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[240] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[240] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[240] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[240] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[240] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[292] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[292] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[292] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[292] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[292] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[292] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[292] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[292] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[292] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[292] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[292] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[292] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[408] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[408] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[408] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[408] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[408] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DF0001
.text C:\WINDOWS\system32\ctfmon.exe[408] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[408] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[408] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[408] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[408] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[408] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[408] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[444] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[444] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[444] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[444] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[444] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E00001
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[444] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[444] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[444] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[444] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[444] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[444] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[444] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[740] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[740] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[740] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[740] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[740] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013B0001
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[740] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[740] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[740] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[740] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[740] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[740] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[740] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[1512] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A00001
.text C:\WINDOWS\Explorer.EXE[1512] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1512] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1512] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1512] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1512] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B30001
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[2016] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[2016] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[2016] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[2016] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[2016] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B80001
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[2016] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[2016] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[2016] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[2016] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[2016] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[2016] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[2016] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[2024] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[2024] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[2024] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[2024] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[2024] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01110001
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[2024] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[2024] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[2024] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[2024] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[2024] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[2024] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[2024] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[2032] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[2032] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[2032] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[2032] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[2032] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014E0001
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[2032] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[2032] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[2032] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[2032] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[2032] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[2032] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[2032] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2428] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort1 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 dvd43llh.sys (dvd43llh.sys/RIF)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edited by Orange Blossom, 03 July 2010 - 03:05 PM.
Deactivate link. ~ OB
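The user-mode hook lines in the GMER log above are repetitive enough to triage mechanically. The Python below is an added example written for this thread; it is not code from the poster, from BleepingComputer or from GMER. It parses the line grammar visible in the log (process path, PID, hooked export, patched address, byte count, then either a JMP/CALL target or a raw byte list, optionally followed by the module GMER resolved the target to), groups identical hooks across processes, and sorts each group into one of four buckets. The bucket rules are this example's own heuristics, not GMER output: a hook whose target GMER already attributed to a mapped module (the IEFRAME.dll hooks inside iexplore.exe) is that module's expected behaviour; the same export redirected to the same unresolved address in many processes is a system-wide user-mode hooking component (a security product, a DLL injector or malware) whose owning module has to be identified before it is judged; the same export patched in many processes but to a different address in each is consistent with a trampoline allocated per process; a hook present in a single process is the one to look at first. The sample lines are copied from the log above except the last one (lonely.exe, WS2_32.dll!send), which is constructed so the single-process path is exercised.

```python
"""Triage GMER 'user code sections' hook lines by grouping identical hooks
across processes.  Added example for this thread; not code from the poster,
from BleepingComputer or from GMER.  Bucket rules are this example's own
heuristics (see module-level comments in triage()).
"""
import re
from collections import defaultdict

# Grammar of one GMER hook line, as seen in the log:
#   .text <process path>[<pid>] <module>!<export>[ + <off>] <addr> <n> Bytes <patch> [<target module> (<vendor>)]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<export>\S+!\S+(?:\s\+\s[0-9A-Fa-f]+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+"
    r"(?P<patch>.+?)"
    r"(?:\s+(?P<module>[A-Za-z]:\\.+?)\s+\((?P<vendor>[^()]*)\))?\s*$"
)
# "JMP 5F0D0F5A" / "CALL 00DF0001" carry an explicit destination; raw byte
# lists such as "[FF, 25, 1E]" do not, so they are compared as text instead.
TARGET_RE = re.compile(r"^(?:JMP|CALL)\s+([0-9A-Fa-f]{8})\b")

# Lines copied verbatim from the GMER log in this thread, except the last one
# (lonely.exe / WS2_32.dll!send), which is constructed.  The header line shows
# that non-hook lines are ignored.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\ctfmon.exe[408] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[408] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[408] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DF0001
.text C:\WINDOWS\system32\ctfmon.exe[408] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1512] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A00001
.text C:\WINDOWS\Explorer.EXE[1512] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe[1740] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[240] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Example\lonely.exe[4242] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A10000
"""


def parse_hooks(lines):
    """Return one dict per hook line (named groups of HOOK_RE plus 'target');
    lines that are not hook lines are skipped."""
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        t = TARGET_RE.match(h["patch"])
        h["target"] = t.group(1).upper() if t else None  # None for raw-byte patches
        hooks.append(h)
    return hooks


def triage(hooks):
    """Map (export, target-or-patch) -> verdict string.

    resolved:<module>        GMER attributed the target to a mapped module
    widespread:<n>           same export -> same unresolved target in n processes
    per-process-target:<n>   same export hooked in n processes, different target each
    single-process           hook seen in exactly one process
    """
    groups = defaultdict(set)    # (export, target or patch text) -> set of PIDs
    spread = defaultdict(set)    # export -> set of PIDs, regardless of target
    resolved = {}                # group key -> module GMER resolved the target to
    for h in hooks:
        key = (h["export"], h["target"] or h["patch"])
        groups[key].add(h["pid"])
        spread[h["export"]].add(h["pid"])
        if h["module"]:
            resolved[key] = h["module"]
    report = {}
    for key, pids in groups.items():
        if key in resolved:
            report[key] = "resolved:" + resolved[key]
        elif len(pids) > 1:
            report[key] = "widespread:%d" % len(pids)
        elif len(spread[key[0]]) > 1:
            report[key] = "per-process-target:%d" % len(spread[key[0]])
        else:
            report[key] = "single-process"
    return report


if __name__ == "__main__":
    report = triage(parse_hooks(SAMPLE_LOG.splitlines()))
    for (export, target), verdict in sorted(report.items()):
        print("%-36s %-30s %s" % (export, target, verdict))
```

On the full log above, the CreateProcess*/CreateService*/NtCreateKey/NtSetValueKey hooks land in the widespread bucket with the same destination in every process, the LoadLibraryExW + C4 CALL lands in the per-process-target bucket, and the iexplore.exe hooks are all resolved to IEFRAME.dll. The script deliberately stops short of naming the owner of the widespread hooks: the log does not resolve those addresses, so that has to come from a process module listing rather than from this output.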



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:55 PM

Posted 07 July 2010 - 06:30 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 gatorwib1

gatorwib1
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:55 AM

Posted 18 July 2010 - 09:06 PM



OTL logfile created on: 7/18/2010 9:09:26 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 600.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 47.84 Gb Free Space | 64.21% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 429.53 Gb Free Space | 92.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 7.45 Gb Total Space | 4.97 Gb Free Space | 66.65% Space Free | Partition Type: FAT32

Computer Name: STEELNACK
Current User Name: The Steelnacks
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/18 21:08:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/06/19 09:52:17 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/09 17:20:12 | 000,438,359 | ---- | M] (Sprint) -- C:\Program Files\Virtual Assistant\SmartBridge\SprintDSLAlert.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/20 17:40:18 | 000,731,136 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2006/09/07 17:11:00 | 000,049,152 | ---- | M] (Streamload) -- C:\Program Files\Streamload\EMBARQ Media Safe\StreamloadService.exe
PRC - [2005/05/10 17:04:52 | 000,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2005/05/10 17:04:50 | 000,403,456 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
PRC - [2005/05/10 17:04:50 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
PRC - [2003/08/18 07:12:06 | 000,098,304 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
PRC - [2002/09/02 09:51:40 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe


========== Modules (SafeList) ==========

MOD - [2010/07/18 21:08:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe
MOD - [2010/06/11 16:21:40 | 000,232,960 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2008/09/09 17:20:10 | 000,122,880 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Virtual Assistant\SmartBridge\SBHook.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2006/09/07 17:11:00 | 000,049,152 | ---- | M] (Streamload) [Auto | Running] -- C:\Program Files\Streamload\EMBARQ Media Safe\StreamloadService.exe -- (StreamloadService)
SRV - [2002/09/02 09:51:40 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity_BackUp)
SRV - [2002/09/02 09:51:40 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\winachcf.sys -- (Winachcf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\THESTE~1.000\LOCALS~1\Temp\ewdmaudn.sys -- (ewdmaudn)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\awjvtaye.sys -- (awjvtaye)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\AgentCD.sys -- (agentcd)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/06/09 18:15:54 | 000,037,664 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009/04/23 16:51:18 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2008/11/28 15:26:56 | 000,010,704 | ---- | M] (Pixbyte Development SL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iTurnsDriver.sys -- (iTurns)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/12 21:12:33 | 000,019,456 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vadsimple10.sys -- (MSTACKJ)
DRV - [2008/01/21 10:11:32 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2005/06/07 13:56:11 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2004/12/01 21:33:00 | 000,043,008 | R--- | M] (D-Link ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2004/07/06 17:36:12 | 000,026,752 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiNtBus.sys -- (SaiNtBus)
DRV - [2004/07/06 17:36:12 | 000,015,616 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2004/06/11 05:59:44 | 000,056,576 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiHFF0C.sys -- (SaiHFF0C)
DRV - [2004/06/11 05:59:20 | 000,019,584 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\saiuFF0C.sys -- (SaiUFF0C)
DRV - [2003/10/28 16:17:52 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - [2003/10/28 15:55:38 | 000,029,744 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2003/10/06 14:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/22 12:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 08:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 08:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
DRV - [2002/10/11 11:29:00 | 000,207,936 | R--- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtlsVid.sys -- (EMATCORE)
DRV - [2002/10/11 11:29:00 | 000,025,600 | R--- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtlsAud.sys -- (AtlsAud)
DRV - [2002/09/27 19:56:50 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/25 10:27:00 | 000,120,352 | R--- | M] (Dazzle Multimedia, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Mojave.sys -- (Mojave)
DRV - [2002/09/03 12:31:57 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (Aspi32)
DRV - [2002/03/29 14:58:24 | 000,091,520 | ---- | M] (Hewlett-Packard Co.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ppscan.sys -- (PPSCAN)
DRV - [2001/12/03 12:55:14 | 000,155,264 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (NUVision)
DRV - [2001/12/03 12:55:12 | 000,026,560 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1957994488-920026266-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-1957994488-920026266-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-920026266-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/02 20:54:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\flashcatch@flashcatch.com: C:\Program Files\FlashCatch\firefox [2010/04/14 21:44:40 | 000,000,000 | ---D | M]

[2009/08/06 22:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\Mozilla\Extensions
[2009/08/06 22:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/07/02 23:06:10 | 000,411,510 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 89.149.193.137 www.google.com
O1 - Hosts: 89.149.193.137 us.search.yahoo.com
O1 - Hosts: 89.149.193.137 uk.search.yahoo.com
O1 - Hosts: 89.149.193.137 search.yahoo.com
O1 - Hosts: 89.149.193.137 www.google.com.br
O1 - Hosts: 89.149.193.137 www.google.it
O1 - Hosts: 89.149.193.137 www.google.es
O1 - Hosts: 89.149.193.137 www.google.co.jp
O1 - Hosts: 89.149.193.137 www.google.com.mx
O1 - Hosts: 89.149.193.137 www.google.ca
O1 - Hosts: 89.149.193.137 www.google.com.au
O1 - Hosts: 89.149.193.137 www.google.nl
O1 - Hosts: 89.149.193.137 www.google.co.za
O1 - Hosts: 89.149.193.137 www.google.be
O1 - Hosts: 89.149.193.137 www.google.gr
O1 - Hosts: 89.149.193.137 www.google.at
O1 - Hosts: 89.149.193.137 www.google.se
O1 - Hosts: 89.149.193.137 www.google.ch
O1 - Hosts: 89.149.193.137 www.google.pt
O1 - Hosts: 89.149.193.137 www.google.dk
O1 - Hosts: 89.149.193.137 www.google.fi
O1 - Hosts: 89.149.193.137 www.google.ie
O1 - Hosts: 89.149.193.137 www.google.no
O1 - Hosts: 89.149.193.137 www.google.de
O1 - Hosts: 89.149.193.137 www.google.fr
O1 - Hosts: 14245 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashCatchBHO Class) - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKU\S-1-5-21-1957994488-920026266-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1957994488-920026266-839522115-1004\..\Toolbar\WebBrowser: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\Virtual Assistant\SmartBridge\SprintDSLAlert.exe (Sprint)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1957994488-920026266-839522115-1004..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe (Sammsoft)
O4 - HKU\S-1-5-21-1957994488-920026266-839522115-1004..\Run: [SansaDispatch] C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-1957994488-920026266-839522115-1004..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\The Steelnacks.STEELNACK.000\Start Menu\Programs\Startup\MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe (Vellosoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-920026266-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Subscribe in default RSS reader - C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\RssBandit\iecontext_subscribefeed.htm ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\securenet.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\securenet.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\securenet.dll ()
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-920026266-839522115-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-920026266-839522115-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://www.facebook.com/fbplugin/win32/axf...b?1265758891304 (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} http://www.nero.com/doc/NeroVersionCheckerControl.cab (NeroVersionCheckerControl Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1163827991812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.3.0.116 76.2.127.122
O18 - Protocol\Handler\msero {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\msero.dll ()
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\The Steelnacks.STEELNACK.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Steelnacks.STEELNACK.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/08 16:01:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/13 21:27:08 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{711b0023-d0ac-11d9-b7d2-999e404345f9}\Shell - "" = AutoRun
O33 - MountPoints2\{711b0023-d0ac-11d9-b7d2-999e404345f9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9c46a528-26f9-11de-bd86-00195b3902fa}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/18 21:07:57 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe
[2010/07/03 00:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2010/07/03 00:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/03 00:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/07/02 23:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Cleaner
[2010/07/02 23:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\Sammsoft
[2010/07/02 23:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Optimizer
[2010/07/02 14:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\San Antonio
[2010/07/02 13:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/07/01 22:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\Aqualung
[2010/06/25 21:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\EZ Label Xpress
[2010/06/24 15:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\My Documents\My PaperPort Documents
[2002/04/11 00:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/18 21:08:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe
[2010/07/18 14:30:26 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/18 14:24:48 | 000,001,332 | ---- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\Clean Registry for Free!.lnk
[2010/07/18 14:24:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/18 14:24:14 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/18 14:24:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/18 14:24:09 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/05 11:58:09 | 017,563,648 | ---- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\ntuser.dat
[2010/07/05 11:58:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\ntuser.ini
[2010/07/05 04:25:22 | 000,001,148 | ---- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\Live PC Help.lnk
[2010/07/03 15:39:57 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/07/03 15:39:26 | 000,132,608 | ---- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\My Documents\Hijack This full post with data.doc
[2010/07/03 15:38:11 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\Highjack This Post.doc
[2010/07/03 15:09:34 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\~$ghjack This Post.doc
[2010/07/03 14:20:41 | 000,005,892 | ---- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\Attach.zip
[2010/07/03 14:06:38 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\dds.scr
[2010/07/03 14:04:39 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe
[2010/07/03 00:11:48 | 004,821,062 | -H-- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Local Settings\Application Data\IconCache.db
[2010/07/02 23:30:52 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\RegistryCleaner.lnk
[2010/07/02 23:06:10 | 000,411,510 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/02 21:52:36 | 000,000,558 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/07/02 13:35:12 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Security 360.lnk
[2010/07/02 13:23:38 | 000,000,848 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100702-230610.backup
[2010/07/02 13:03:55 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Security Essentials.lnk
[2010/06/28 02:33:54 | 005,873,510 | ---- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\DSC00648.JPG
[2010/06/25 21:50:36 | 000,059,535 | ---- | M] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\Whats-New-Scooby-Doo-Merry-Scary-Holiday.jpg
[2010/06/24 07:39:36 | 000,546,028 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 07:39:36 | 000,476,182 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 07:39:36 | 000,080,266 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/20 13:15:33 | 000,000,280 | --S- | M] () -- C:\WINDOWS\System32\1192431798.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/18 14:24:47 | 000,001,332 | ---- | C] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\Clean Registry for Free!.lnk
[2010/07/05 04:25:21 | 000,001,148 | ---- | C] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\Live PC Help.lnk
[2010/07/03 15:39:26 | 000,132,608 | ---- | C] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\My Documents\Hijack This full post with data.doc
[2010/07/03 15:09:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\~$ghjack This Post.doc
[2010/07/03 14:20:41 | 000,005,892 | ---- | C] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\Attach.zip
[2010/07/03 14:06:25 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\dds.scr
[2010/07/03 14:04:32 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ou1q7gwn.exe
[2010/07/03 13:38:08 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\Highjack This Post.doc
[2010/07/02 23:55:19 | 017,563,648 | ---- | C] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\ntuser.dat
[2010/07/02 23:29:51 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\RegistryCleaner.lnk
[2010/07/02 13:35:12 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Security 360.lnk
[2010/07/02 13:19:53 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/02 13:03:52 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Security Essentials.lnk
[2010/06/29 19:43:29 | 005,873,510 | ---- | C] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\DSC00648.JPG
[2010/06/26 19:36:12 | 000,470,955 | ---- | C] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\b5.jpg
[2010/06/25 21:50:47 | 000,059,535 | ---- | C] () -- C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\Whats-New-Scooby-Doo-Merry-Scary-Holiday.jpg
[2010/04/01 15:21:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2009/09/14 08:02:55 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/04/12 08:19:15 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/05 15:32:55 | 000,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
[2008/08/27 19:45:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/04 15:21:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/07/19 10:28:07 | 000,000,558 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/07/19 10:28:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/06/30 15:47:48 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/06/18 14:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/10/12 18:31:17 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/06/04 15:48:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2007/06/04 15:05:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/05/22 01:32:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Qbmsaf.dll
[2007/05/19 10:07:39 | 000,000,297 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/05/17 21:30:08 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/09/09 19:24:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/07/06 17:43:27 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2006/07/06 17:43:27 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2006/05/07 16:35:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Abac Karaoke.INI
[2006/03/07 07:46:55 | 000,000,051 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/02/07 21:27:15 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2006/01/16 20:25:10 | 000,000,667 | ---- | C] () -- C:\WINDOWS\HelpRead.ini
[2006/01/16 20:18:21 | 000,000,318 | ---- | C] () -- C:\WINDOWS\provw.ini
[2006/01/08 13:53:47 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2005/07/07 08:42:34 | 000,000,033 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2005/06/25 15:03:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SAICFG.dll
[2005/06/11 11:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2005/05/24 20:15:15 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/05/24 20:00:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/03 11:46:27 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/02/07 18:16:37 | 001,962,496 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/02/07 18:16:36 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\qcap(2).dll
[2005/02/07 18:16:36 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2005/01/23 16:03:49 | 000,000,016 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/01/21 07:05:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Teacher.INI
[2004/12/27 13:03:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2004/12/21 17:49:24 | 000,000,108 | ---- | C] () -- C:\WINDOWS\Anw_IP.ini
[2004/11/07 22:13:47 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll
[2004/10/19 18:27:02 | 000,000,149 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2004/10/13 17:01:56 | 000,000,103 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2004/10/13 16:29:54 | 000,115,140 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/10/12 19:32:11 | 000,000,058 | ---- | C] () -- C:\WINDOWS\CTACD.INI
[2004/10/11 21:01:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\VTWAIN.INI
[2004/10/11 20:59:34 | 000,000,177 | ---- | C] () -- C:\WINDOWS\ppdrv.ini
[2004/10/11 20:59:05 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2004/10/11 20:59:05 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2004/10/11 20:59:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\hpud32.dll
[2004/10/11 20:59:04 | 000,123,424 | ---- | C] () -- C:\WINDOWS\p1220_32.dll
[2004/10/11 20:59:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\hpudrv.ini
[2004/10/10 13:24:41 | 000,000,115 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/10/06 15:32:18 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/10/06 15:31:21 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2004/10/06 15:31:21 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/10/06 15:31:15 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2004/10/06 15:31:09 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2004/10/06 15:29:34 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/10/05 06:29:16 | 000,002,528 | ---- | C] () -- C:\WINDOWS\Fcic.ini
[2004/10/04 14:22:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2004/10/04 14:19:51 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3m.DLL
[2004/10/03 20:10:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/11/13 09:58:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/09/01 10:06:14 | 000,002,696 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2003/08/07 15:01:50 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/03/24 05:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2002/08/09 13:15:16 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[2002/02/22 16:49:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Twci_Err.dll
[2002/01/08 16:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:439E3411
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F878F14A
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:864A52B8
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:680DD2F1
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F82297CD
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:680086AB
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0FB9F88B
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F65733F1
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:54362937
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DD4DD9B9
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5D7E5A8F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:825D5945
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:661DFA1C
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A688EF17
< End of report >



OTL Extras logfile created on: 7/18/2010 9:09:26 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 600.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 47.84 Gb Free Space | 64.21% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 429.53 Gb Free Space | 92.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 7.45 Gb Total Space | 4.97 Gb Free Space | 66.65% Space Free | Partition Type: FAT32

Computer Name: STEELNACK
Current User Name: The Steelnacks
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [edit] -- Reg Error: Key error.
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8097:TCP" = 8097:TCP:*:Disabled:EarthLink UHP Modem Support
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\dvd43\DVD43_Tray.exe" = C:\Program Files\dvd43\DVD43_Tray.exe:*:Enabled:dvd43_tray -- ()
"C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" = C:\Program Files\Visioneer OneTouch\OneTouchMon.exe:*:Enabled:OneTouchMon -- (Visioneer Inc)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{1DA07BCA-FD11-406E-89A8-5B4496F43FC5}" = EZ Label Xpress Lite
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{26BEE28E-C285-4532-82D3-7CE3C5F805D4}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{30C2A339-C494-4292-9C63-861B5E2D63EA}" = D5400
"{3127EBAB-6A3B-4512-BC10-0D6C9EF09672}_is1" = FLVideoConverter
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{369B36BE-3D64-4641-9AEA-808D436FE134}" = Microsoft Digital Image Pro 7.0
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{40AED4C2-5216-4CE5-B537-7AB249D7E066}" = Quiz Bowl
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{59ED24CA-25EC-4BB0-99C4-51ABF432BCC7}" = PS_SF_03_D5400_Software_Min
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass Client
"{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CC1EE94-B426-478B-AE83-F83EBB4EF66A}" = HPPhotoSmartDiscLabel_PaperLabel
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7148F0A8-6813-11D6-A77B-00B0D0142140}" = Java 2 Runtime Environment, SE v1.4.2_14
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7ED180E1-ADE9-4C69-8845-BDF518D763B8}" = hpphotosmartdisclabelplugin
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{8317B981-0159-4DA9-92E9-350DD42E5187}" = PS_SF_03_D5400_ProductContext
"{83A5A433-C6D9-40EA-AEFE-CF354DE2D669}" = PS_SF_03_D5400_Software
"{856EB6CE-178B-401C-86CB-3696D4EA22AC}" = D5400_Help
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch Jukebox
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A0AB2980-1FDD-4b6c-940C-FC87C84F05B7}_is1" = FlashCatch
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9FAF8C2-4909-4FDB-8BBD-3723F5D7AACC}" = EMBARQ Media Safe
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BCC09E9C-3340-473D-A4FE-8580992CA77A}" = HPPhotoSmartDiscLabelContent1
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DA56F614-18B0-4E95-A016-99BBC2AC0242}" = Activstudio Professional Edition v3.0.73
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E5A9D335-7012-4795-98F5-FADC548E213F}" = Activstudio Resources (USA) v3.0.1
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{e85106b4-67bc-42ba-886c-393ddc9ba328}" = Nero 9
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF94793F-F6C3-4986-AF6F-2AFC1BBDB84C}" = HP Photosmart D5400 Printer Driver Software 11.0 Rel .3
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"Any Video Converter_is1" = Any Video Converter 2.5.9
"Audacity_is1" = Audacity 1.2.6
"BFGC" = Big Fish Games Client
"BFG-Megaplex Madness - Now Playing" = Megaplex Madness: Now Playing
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX DVD Ripper" = DivX DVD Ripper 1.6
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD X Rescue" = DVD X Rescue
"DVD43_is1" = DVD43 v4.0.0
"DVDFab Decrypter_is1" = DVDFab Decrypter 2.9.7.2
"DVDFab Platinum_is1" = DVDFab Platinum (Non-CSS Version) 3.1.2.6
"DVDneXtCOPY" = DVDneXtCOPY
"DVDXCopy" = DVDXCopy 1.5.2 b636 (remove only)
"DVDXCopyPlatinum" = DVD X Copy Platinum RF 4.0.4
"EZ-DJ Plus" = EZ-DJ Plus
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{1DA07BCA-FD11-406E-89A8-5B4496F43FC5}" = EZ Label Xpress Lite
"InterActual Player" = InterActual Player
"IObit Security 360_is1" = IObit Security 360
"LimeWire" = LimeWire 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McDougal Littell Test Generator" = McDougal Littell Test Generator
"mediaconverter.org" = Media Converter SA Edition
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MiniMinder_is1" = MiniMinder 7.17
"Moo0 FileShredder" = Moo0 FileShredder 1.10
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Driver" = NVIDIA Display Driver
"Pinnacle Systems USB Installation" = Pinnacle Systems USB Installation
"RegistryCleaner" = Registry Cleaner 2.1
"Revo Uninstaller" = Revo Uninstaller 1.83
"Shockwave" = Shockwave
"Sprint.MCCInstall" = EMBARQ Help
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.2
"Switch" = Switch Sound File Converter
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"video4fuze" = video4fuze 0.6
"Visioneer OneTouch 9320" = Visioneer OneTouch 9320
"VN_VUIns_Rhine_D-Link" = D-Link PCI Fast Ethernet Adapter
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.41-rc1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-920026266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2010 1:03:24 PM | Computer Name = STEELNACK | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 7/2/2010 1:08:04 PM | Computer Name = STEELNACK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2147550906, P2 unspecified, P3 scanfile,
P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 7/2/2010 9:55:02 PM | Computer Name = STEELNACK | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/2/2010 11:16:58 PM | Computer Name = STEELNACK | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/2/2010 11:54:03 PM | Computer Name = STEELNACK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 7/3/2010 12:05:30 AM | Computer Name = STEELNACK | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 streamloadservice.exe, P2 1.0.0.0, P3 4500b535,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 3580, P8 24, P9 system.io.filenotfoundexception,
P10 NIL.

Error - 7/3/2010 12:05:30 AM | Computer Name = STEELNACK | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 intuitupdateservice.exe, P2 3.0.1.0, P3 49cbc9ff,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 3580, P8 24, P9 system.io.filenotfoundexception,
P10 NIL.

Error - 7/18/2010 2:35:41 PM | Computer Name = STEELNACK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 7/18/2010 2:41:43 PM | Computer Name = STEELNACK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 7/18/2010 2:42:32 PM | Computer Name = STEELNACK | Source = MSSecurityEssentials | ID = 5000
Description =

[ System Events ]
Error - 7/5/2010 4:27:02 AM | Computer Name = STEELNACK | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/18/2010 2:25:01 PM | Computer Name = STEELNACK | Source = Service Control Manager | ID = 7000
Description = The DriverAgent Class Driver service failed to start due to the following
error: %%2

Error - 7/18/2010 2:25:01 PM | Computer Name = STEELNACK | Source = Service Control Manager | ID = 7000
Description = The Dazzle Mojave Device service failed to start due to the following
error: %%1058

Error - 7/18/2010 2:26:21 PM | Computer Name = STEELNACK | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/18/2010 2:35:38 PM | Computer Name = STEELNACK | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.1381.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 7/18/2010 2:35:42 PM | Computer Name = STEELNACK | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.1381.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.5902.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 7/18/2010 2:35:42 PM | Computer Name = STEELNACK | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.1381.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.5902.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 7/18/2010 2:35:42 PM | Computer Name = STEELNACK | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.1381.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.5902.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 7/18/2010 2:35:42 PM | Computer Name = STEELNACK | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.1381.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.5902.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 7/18/2010 2:41:43 PM | Computer Name = STEELNACK | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.1381.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-18 22:05:34
Windows 5.1.2600 Service Pack 3
Running: o7ecx5c0.exe; Driver: C:\DOCUME~1\THESTE~1.000\LOCALS~1\Temp\pxroipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6B8A340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x25BA81, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[332] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[332] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[332] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[332] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A90001
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[332] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[332] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[332] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[332] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[332] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[332] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Visioneer OneTouch\OneTouchMon.exe[332] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[504] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[504] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[504] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[504] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[504] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B80001
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[504] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[504] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[504] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[504] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[504] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[504] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[504] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[564] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[564] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[564] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[564] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[564] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[564] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[564] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[564] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[564] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[564] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[564] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe[564] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\dvd43\dvd43_tray.exe[568] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\dvd43\dvd43_tray.exe[568] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\dvd43\dvd43_tray.exe[568] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\dvd43\dvd43_tray.exe[568] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\dvd43\dvd43_tray.exe[568] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C50001
.text C:\Program Files\dvd43\dvd43_tray.exe[568] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\dvd43\dvd43_tray.exe[568] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\dvd43\dvd43_tray.exe[568] advapi32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\dvd43\dvd43_tray.exe[568] advapi32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\dvd43\dvd43_tray.exe[568] advapi32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\dvd43\dvd43_tray.exe[568] advapi32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\dvd43\dvd43_tray.exe[568] advapi32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[796] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[796] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[796] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[796] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[796] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[796] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[796] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[796] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[796] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[832] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[832] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[832] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[832] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BD0001
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[832] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[832] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[832] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[832] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[832] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[832] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[832] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[868] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[868] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[868] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[868] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[868] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BE0001
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[868] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[868] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[868] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[868] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[868] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[868] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[868] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[1056] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[1056] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[1056] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[1056] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[1056] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C50001
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[1056] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[1056] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[1056] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[1056] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[1056] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[1056] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[1056] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\QuickTime\qttask.exe[1108] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\QuickTime\qttask.exe[1108] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\QuickTime\qttask.exe[1108] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\QuickTime\qttask.exe[1108] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\QuickTime\qttask.exe[1108] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C30001
.text C:\Program Files\QuickTime\qttask.exe[1108] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\QuickTime\qttask.exe[1108] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\QuickTime\qttask.exe[1108] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\QuickTime\qttask.exe[1108] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\QuickTime\qttask.exe[1108] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\QuickTime\qttask.exe[1108] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\QuickTime\qttask.exe[1108] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1152] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1152] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[1152] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1152] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[1152] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BC0001
.text C:\WINDOWS\system32\ctfmon.exe[1152] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1152] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1152] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[1152] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1152] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1152] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[1152] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1188] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1188] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1188] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1188] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A20001
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1188] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1188] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1188] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1188] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1188] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1188] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1188] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\notepad.exe[1336] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\notepad.exe[1336] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\notepad.exe[1336] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\notepad.exe[1336] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\notepad.exe[1336] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BC0001
.text C:\WINDOWS\notepad.exe[1336] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\notepad.exe[1336] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\notepad.exe[1336] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\notepad.exe[1336] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\notepad.exe[1336] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\notepad.exe[1336] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\notepad.exe[1336] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[1364] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text C:\WINDOWS\Explorer.EXE[1364] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1364] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1364] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1364] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1364] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\notepad.exe[1396] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\notepad.exe[1396] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\notepad.exe[1396] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\notepad.exe[1396] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\notepad.exe[1396] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BC0001
.text C:\WINDOWS\notepad.exe[1396] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\notepad.exe[1396] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\notepad.exe[1396] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\notepad.exe[1396] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\notepad.exe[1396] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\notepad.exe[1396] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\notepad.exe[1396] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe[2436] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe[2436] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe[2436] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe[2436] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe[2436] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FD0001
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe[2436] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe[2436] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe[2436] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe[2436] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe[2436] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe[2436] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\OTL.exe[2436] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3548] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3548] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3548] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3548] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3548] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3548] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3548] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3548] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3548] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3548] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3548] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3548] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\o7ecx5c0.exe[3828] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\o7ecx5c0.exe[3828] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\o7ecx5c0.exe[3828] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\o7ecx5c0.exe[3828] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\o7ecx5c0.exe[3828] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C30001
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\o7ecx5c0.exe[3828] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\o7ecx5c0.exe[3828] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\o7ecx5c0.exe[3828] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\o7ecx5c0.exe[3828] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\o7ecx5c0.exe[3828] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\o7ecx5c0.exe[3828] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\o7ecx5c0.exe[3828] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[4012] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4012] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4012] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4012] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4012] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4012] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4012] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4012] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4012] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4012] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4012] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4012] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1060] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort1 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 dvd43llh.sys (dvd43llh.sys/RIF)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart D5400 series@ChangeID 26359375

---- EOF - GMER 1.0.15 ----


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:55 PM

Posted 19 July 2010 - 12:14 AM

Hello there, the topic was not yet closed. Because it's holiday season I keep my topics open a bit longer.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#5 gatorwib1

gatorwib1
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:55 AM

Posted 19 July 2010 - 09:29 PM

Thanks for keeping the topic open--first piece of good news I've had for this thing in a while!
The Combofix log follows:

ComboFix 10-07-19.01 - The Steelnacks 07/19/2010 21:50:23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.524 [GMT -4:00]
Running from: C:\Documents and Settings\The Steelnacks.STEELNACK.000\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
The following files were disabled during the run:
C:\Program Files\IObit\IObit Security 360\IS360mon.dll


#6 gatorwib1

gatorwib1
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:55 AM

Posted 19 July 2010 - 10:11 PM

Last one looked funny, so I ran it again. Seems like this one will be more informative:

ComboFix 10-07-19.01 - The Steelnacks 07/19/2010 22:52:08.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.526 [GMT -4:00]
Running from: c:\documents and settings\The Steelnacks.STEELNACK.000\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
The following files were disabled during the run:
c:\program files\IObit\IObit Security 360\IS360mon.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\The Steelnacks.STEELNACK.000\Application Data\Dealio\res\widgets.xml
c:\documents and settings\The Steelnacks.STEELNACK.000\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\The Steelnacks.STEELNACK.000\Application Data\inst.exe
C:\Install.exe
c:\program files\Search Settings\kb128\SearchSettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\Fonts\acrsec.fon
c:\windows\system32\1192431798.dat
c:\windows\system32\cache329\B_329_0_1_504100.htm
c:\windows\system32\cache329\B_329_0_1_504100.swf
c:\windows\system32\cache329\B_329_0_1_532400.htm
c:\windows\system32\cache329\B_329_0_1_532400.swf
c:\windows\system32\cache329\B_329_0_1_561000.htm
c:\windows\system32\cache329\B_329_0_1_563400.gif
c:\windows\system32\cache329\B_329_0_1_571500.htm
c:\windows\system32\cache329\B_329_0_1_571500.swf
c:\windows\system32\cache329\B_329_0_1_577000.htm
c:\windows\system32\cache329\B_329_0_1_577000.swf
c:\windows\system32\cache329\B_329_0_1_578600.htm
c:\windows\system32\cache329\B_329_0_1_578600.swf
c:\windows\system32\cache329\B_329_0_1_595700.gif
c:\windows\system32\cache329\B_329_0_1_599300.gif
c:\windows\system32\cache329\B_329_0_1_600200.gif
c:\windows\system32\cache329\B_329_0_1_600600.gif
c:\windows\system32\cache329\B_329_0_1_612700.htm
c:\windows\system32\cache329\B_329_0_1_612700.swf
c:\windows\system32\cache329\B_329_0_1_621600.htm
c:\windows\system32\cache329\B_329_0_1_621600.swf
c:\windows\system32\cache329\B_329_0_1_622300.gif
c:\windows\system32\cache329\B_329_0_1_622900.gif
c:\windows\system32\cache329\B_329_0_1_636400.htm
c:\windows\system32\cache329\B_329_0_1_636400.swf
c:\windows\system32\cache329\B_329_0_1_652000.htm
c:\windows\system32\cache329\B_329_0_1_652000.swf
c:\windows\system32\cache329\B_329_2_1_504100.htm
c:\windows\system32\cache329\B_329_2_1_504100.swf
c:\windows\system32\cache329\B_329_2_1_528400.htm
c:\windows\system32\cache329\B_329_2_1_528400.swf
c:\windows\system32\cache329\B_329_2_1_532400.htm
c:\windows\system32\cache329\B_329_2_1_532400.swf
c:\windows\system32\cache329\B_329_2_1_534700.htm
c:\windows\system32\cache329\B_329_2_1_534700.swf
c:\windows\system32\cache329\B_329_2_1_537300.htm
c:\windows\system32\cache329\B_329_2_1_537300.swf
c:\windows\system32\cache329\B_329_2_1_561000.htm
c:\windows\system32\cache329\B_329_2_1_563400.gif
c:\windows\system32\cache329\B_329_2_1_571500.htm
c:\windows\system32\cache329\B_329_2_1_571500.swf
c:\windows\system32\cache329\B_329_2_1_577000.htm
c:\windows\system32\cache329\B_329_2_1_577000.swf
c:\windows\system32\cache329\B_329_2_1_578600.htm
c:\windows\system32\cache329\B_329_2_1_578600.swf
c:\windows\system32\cache329\B_329_2_1_595700.gif
c:\windows\system32\cache329\B_329_2_1_599300.gif
c:\windows\system32\cache329\B_329_2_1_600200.gif
c:\windows\system32\cache329\B_329_2_1_600600.gif
c:\windows\system32\cache329\B_329_2_1_612700.htm
c:\windows\system32\cache329\B_329_2_1_612700.swf
c:\windows\system32\cache329\B_329_2_1_621600.htm
c:\windows\system32\cache329\B_329_2_1_621600.swf
c:\windows\system32\cache329\B_329_2_1_622300.gif
c:\windows\system32\cache329\B_329_2_1_622900.gif
c:\windows\system32\cache329\B_329_2_1_636400.htm
c:\windows\system32\cache329\B_329_2_1_636400.swf
c:\windows\system32\cache329\B_329_2_1_652000.htm
c:\windows\system32\cache329\B_329_2_1_652000.swf
c:\windows\system32\cache329\B_329_2_2_528200.htm
c:\windows\system32\cache329\B_329_2_2_528200.swf
c:\windows\system32\cache329\B_329_2_2_535400.htm
c:\windows\system32\cache329\B_329_2_2_535400.swf
c:\windows\system32\cache329\B_329_2_2_538600.htm
c:\windows\system32\cache329\B_329_2_2_538600.swf
c:\windows\system32\cache329\B_329_2_2_540800.gif
c:\windows\system32\cache329\B_329_2_2_547900.htm
c:\windows\system32\cache329\B_329_2_2_547900.swf
c:\windows\system32\cache329\B_329_2_2_561200.htm
c:\windows\system32\cache329\B_329_2_2_561200.swf
c:\windows\system32\cache329\B_329_2_2_586300.htm
c:\windows\system32\cache329\B_329_2_2_586300.swf
c:\windows\system32\cache329\B_329_2_2_589300.htm
c:\windows\system32\cache329\B_329_2_2_589300.swf
c:\windows\system32\cache329\B_329_2_2_589500.htm
c:\windows\system32\cache329\B_329_2_2_589500.swf
c:\windows\system32\cache329\B_329_2_2_615000.htm
c:\windows\system32\cache329\B_329_2_2_615000.swf
c:\windows\system32\cache329\B_329_2_2_622600.htm
c:\windows\system32\cache329\B_329_2_2_622600.swf
c:\windows\system32\cache329\B_329_2_2_628000.gif
c:\windows\system32\cache329\B_329_2_2_628500.htm
c:\windows\system32\cache329\B_329_2_2_628500.swf
c:\windows\system32\cache329\B_329_2_2_628700.htm
c:\windows\system32\cache329\B_329_2_2_628700.swf
c:\windows\system32\cache329\B_329_2_2_668000.htm
c:\windows\system32\cache329\B_329_2_2_668000.swf
c:\windows\system32\cache329\B_329_2_2_668400.htm
c:\windows\system32\cache329\B_329_2_2_668400.swf
c:\windows\system32\cache329\B_329_2_2_668500.htm
c:\windows\system32\cache329\B_329_2_2_668500.swf
c:\windows\system32\cache329\B_329_2_2_668900.htm
c:\windows\system32\cache329\B_329_2_2_668900.swf
c:\windows\system32\cache329\B_329_2_2_669600.htm
c:\windows\system32\cache329\B_329_2_2_669600.swf
c:\windows\system32\cache329\B_329_2_2_672400.htm
c:\windows\system32\cache329\B_329_2_2_672400.swf
c:\windows\system32\cache329\B_329_2_2_673400.gif
c:\windows\system32\cache329\B_329_2_2_674300.htm
c:\windows\system32\cache329\B_329_2_2_674300.swf
c:\windows\system32\cache329\B_329_2_2_680100.gif
c:\windows\system32\cache329\B_329_2_2_737100.htm
c:\windows\system32\cache329\B_329_2_2_737100.swf
c:\windows\system32\cache329\B_329_2_2_775800.htm
c:\windows\system32\cache329\B_329_2_2_775800.swf
c:\windows\system32\cache329\B_329_2_2_775900.htm
c:\windows\system32\cache329\B_329_2_2_775900.swf
c:\windows\system32\cache329\B_329_3_1_504100.htm
c:\windows\system32\cache329\B_329_3_1_504100.swf
c:\windows\system32\cache329\B_329_3_1_532400.htm
c:\windows\system32\cache329\B_329_3_1_532400.swf
c:\windows\system32\cache329\B_329_3_1_561000.htm
c:\windows\system32\cache329\B_329_3_1_563400.gif
c:\windows\system32\cache329\B_329_3_1_571500.htm
c:\windows\system32\cache329\B_329_3_1_571500.swf
c:\windows\system32\cache329\B_329_3_1_577000.htm
c:\windows\system32\cache329\B_329_3_1_577000.swf
c:\windows\system32\cache329\B_329_3_1_578600.htm
c:\windows\system32\cache329\B_329_3_1_578600.swf
c:\windows\system32\cache329\B_329_3_1_595700.gif
c:\windows\system32\cache329\B_329_3_1_599300.gif
c:\windows\system32\cache329\B_329_3_1_600200.gif
c:\windows\system32\cache329\B_329_3_1_600600.gif
c:\windows\system32\cache329\B_329_3_1_612700.htm
c:\windows\system32\cache329\B_329_3_1_612700.swf
c:\windows\system32\cache329\B_329_3_1_621600.htm
c:\windows\system32\cache329\B_329_3_1_621600.swf
c:\windows\system32\cache329\B_329_3_1_622300.gif
c:\windows\system32\cache329\B_329_3_1_622900.gif
c:\windows\system32\cache329\B_329_3_1_636400.htm
c:\windows\system32\cache329\B_329_3_1_636400.swf
c:\windows\system32\cache329\B_329_3_1_652000.htm
c:\windows\system32\cache329\B_329_3_1_652000.swf
c:\windows\system32\cache329\B_329_4_1_565300.htm
c:\windows\system32\cache329\B_329_4_1_565300.swf
c:\windows\system32\cache329\B_329_4_1_576700.gif
c:\windows\system32\cache329\B_329_4_1_576700.htm
c:\windows\system32\cache329\B_329_4_1_583100.htm
c:\windows\system32\cache329\B_329_4_1_583100.swf
c:\windows\system32\cache329\B_329_4_1_584300.htm
c:\windows\system32\cache329\B_329_4_1_584300.swf
c:\windows\system32\cache329\B_329_4_1_600800.htm
c:\windows\system32\cache329\B_329_4_1_611800.htm
c:\windows\system32\cache329\B_329_4_1_634900.htm
c:\windows\system32\cache329\B_329_4_1_634900.swf
c:\windows\system32\cache329\B_329_4_1_642300.htm
c:\windows\system32\cache329\B_329_4_1_675600.htm
c:\windows\system32\cache329\B_329_4_1_675700.htm
c:\windows\system32\cache329\B_329_4_1_683100.gif
c:\windows\system32\cache329\B_329_4_1_683100.htm
c:\windows\system32\cache329\B_329_4_2_511500.gif
c:\windows\system32\cache329\B_329_4_2_511500.htm
c:\windows\system32\cache329\B_329_4_2_530700.gif
c:\windows\system32\cache329\B_329_4_2_530700.htm
c:\windows\system32\cache329\B_329_4_2_533400.htm
c:\windows\system32\cache329\B_329_4_2_533700.htm
c:\windows\system32\cache329\B_329_4_2_533700.jpg
c:\windows\system32\cache329\B_329_4_2_583100.htm
c:\windows\system32\cache329\B_329_4_2_583100.swf
c:\windows\system32\cache329\B_329_4_2_584100.htm
c:\windows\system32\cache329\B_329_4_2_584100.swf
c:\windows\system32\cache329\B_329_4_2_584300.htm
c:\windows\system32\cache329\B_329_4_2_584300.swf
c:\windows\system32\cache329\B_329_4_2_597200.htm
c:\windows\system32\cache329\B_329_4_2_611000.htm
c:\windows\system32\cache329\B_329_4_2_628400.gif
c:\windows\system32\cache329\B_329_4_2_628400.htm
c:\windows\system32\cache329\B_329_4_2_628900.gif
c:\windows\system32\cache329\B_329_4_2_628900.htm
c:\windows\system32\cache329\B_329_4_2_630100.htm
c:\windows\system32\cache329\B_329_4_2_630100.jpg
c:\windows\system32\cache329\B_329_4_2_630300.htm
c:\windows\system32\cache329\B_329_4_2_630300.jpg
c:\windows\system32\cache329\B_329_4_2_630800.gif
c:\windows\system32\cache329\B_329_4_2_630800.htm
c:\windows\system32\cache329\B_329_4_2_630900.gif
c:\windows\system32\cache329\B_329_4_2_630900.htm
c:\windows\system32\cache329\B_329_4_2_631100.htm
c:\windows\system32\cache329\B_329_4_2_631100.jpg
c:\windows\system32\cache329\B_329_4_2_631600.htm
c:\windows\system32\cache329\B_329_4_2_631600.jpg
c:\windows\system32\cache329\B_329_4_2_633600.htm
c:\windows\system32\cache329\B_329_4_2_633600.jpg
c:\windows\system32\cache329\B_329_4_2_633900.gif
c:\windows\system32\cache329\B_329_4_2_633900.htm
c:\windows\system32\cache329\B_329_4_2_635300.gif
c:\windows\system32\cache329\B_329_4_2_635300.htm
c:\windows\system32\cache329\B_329_4_2_635600.htm
c:\windows\system32\cache329\B_329_4_2_635600.jpg
c:\windows\system32\cache329\B_329_4_2_635700.htm
c:\windows\system32\cache329\B_329_4_2_635700.jpg
c:\windows\system32\cache329\B_329_4_2_650500.gif
c:\windows\system32\cache329\B_329_4_2_650500.htm
c:\windows\system32\cache329\B_329_4_2_682300.gif
c:\windows\system32\cache329\B_329_4_2_682300.htm
c:\windows\system32\cache329\B_329_4_2_682400.gif
c:\windows\system32\cache329\B_329_4_2_682400.htm
c:\windows\system32\cache329\B_329_4_2_682500.gif
c:\windows\system32\cache329\B_329_4_2_682500.htm
c:\windows\system32\cache329\B_329_4_2_682600.gif
c:\windows\system32\cache329\B_329_4_2_682600.htm
c:\windows\system32\cache329\B_329_4_2_689200.gif
c:\windows\system32\cache329\B_329_4_2_689200.htm
c:\windows\system32\cache329\B_329_4_3_553300.gif
c:\windows\system32\cache329\B_329_4_3_553300.htm
c:\windows\system32\cache329\B_329_4_3_553900.gif
c:\windows\system32\cache329\B_329_4_3_553900.htm
c:\windows\system32\cache329\B_329_4_3_554500.gif
c:\windows\system32\cache329\B_329_4_3_554500.htm
c:\windows\system32\cache329\B_329_4_3_565300.htm
c:\windows\system32\cache329\B_329_4_3_565300.swf
c:\windows\system32\cache329\B_329_4_3_577200.htm
c:\windows\system32\cache329\B_329_4_3_584200.htm
c:\windows\system32\cache329\B_329_4_3_584200.swf
c:\windows\system32\cache329\B_329_4_3_584700.gif
c:\windows\system32\cache329\B_329_4_3_584700.htm
c:\windows\system32\cache329\B_329_4_3_585100.gif
c:\windows\system32\cache329\B_329_4_3_585100.htm
c:\windows\system32\cache329\B_329_4_3_586100.gif
c:\windows\system32\cache329\B_329_4_3_586100.htm
c:\windows\system32\cache329\B_329_4_3_613900.htm
c:\windows\system32\cache329\B_329_4_3_641500.htm
c:\windows\system32\cache329\B_329_4_3_641500.swf
c:\windows\system32\cache329\B_329_4_3_644100.htm
c:\windows\system32\cache329\B_329_4_3_644100.swf
c:\windows\system32\cache329\B_329_4_3_644200.htm
c:\windows\system32\cache329\B_329_4_3_644200.swf
c:\windows\system32\cache329\B_329_4_3_645400.htm
c:\windows\system32\cache329\B_329_4_3_645400.swf
c:\windows\system32\cache329\B_329_4_3_661900.htm
c:\windows\system32\cache329\B_329_4_3_678500.htm
c:\windows\system32\cache329\B_329_4_3_678700.htm
c:\windows\system32\cache329\B_329_4_3_678900.htm
c:\windows\system32\cache329\B_329_4_3_688600.gif
c:\windows\system32\cache329\B_329_4_3_688600.htm
c:\windows\system32\cache329\B_329_4_4_503700.htm
c:\windows\system32\cache329\B_329_4_4_551300.htm
c:\windows\system32\cache329\B_329_4_4_551300.swf
c:\windows\system32\cache329\B_329_4_4_623400.gif
c:\windows\system32\cache329\B_329_4_4_623400.htm
c:\windows\system32\cache329\B_329_4_4_623500.gif
c:\windows\system32\cache329\B_329_4_4_623500.htm
c:\windows\system32\cache329\B_329_4_4_623600.gif
c:\windows\system32\cache329\B_329_4_4_623600.htm
c:\windows\system32\cache329\B_329_4_4_648300.htm
c:\windows\system32\cache329\B_329_4_4_648300.swf
c:\windows\system32\cache329\B_329_4_4_663900.htm
c:\windows\system32\cache329\B_329_4_4_663900.swf
c:\windows\system32\cache329\B_329_4_4_664700.htm
c:\windows\system32\cache329\B_329_4_4_664700.swf
c:\windows\system32\cache329\B_329_4_4_667100.htm
c:\windows\system32\cache329\B_329_4_4_667100.swf
c:\windows\system32\cache329\B_329_4_4_739300.htm
c:\windows\system32\cache329\B_329_4_4_739300.jpg
c:\windows\system32\cache329\B_524800.htm
c:\windows\system32\cache329\B_527100.htm
c:\windows\system32\cache329\B_528500.htm
c:\windows\system32\cache329\B_538500.htm
c:\windows\system32\cache329\B_544700.htm
c:\windows\system32\cache329\B_565700.htm
c:\windows\system32\cache329\B_575200.htm
c:\windows\system32\cache329\B_576800.htm
c:\windows\system32\cache329\B_582900.htm
c:\windows\system32\cache329\B_591300.htm
c:\windows\system32\cache329\B_604700.htm
c:\windows\system32\cache329\B_618800.htm
c:\windows\system32\cache329\B_631900.htm
c:\windows\system32\cache329\B_642100.htm
c:\windows\system32\cache329\B_677100.htm
c:\windows\system32\cache329\B_677300.htm
c:\windows\system32\cache329\B_677500.htm
c:\windows\system32\cache329\B_677700.htm
c:\windows\system32\cache329\B_677900.htm
c:\windows\system32\cache329\B_686800.htm
c:\windows\system32\cache329\B_686900.htm
c:\windows\system32\cache329\B_791300.htm
c:\windows\system32\cache329\t_B_329_0_1_561000.htm
c:\windows\system32\cache329\t_B_329_2_1_561000.htm
c:\windows\system32\cache329\t_B_329_3_1_561000.htm
c:\windows\system32\cache329\t_B_329_4_1_600800.htm
c:\windows\system32\cache329\t_B_329_4_1_611800.htm
c:\windows\system32\cache329\t_B_329_4_1_642300.htm
c:\windows\system32\cache329\t_B_329_4_1_675600.htm
c:\windows\system32\cache329\t_B_329_4_1_675700.htm
c:\windows\system32\cache329\t_B_329_4_3_577200.htm
c:\windows\system32\cache329\t_B_329_4_3_678500.htm
c:\windows\system32\cache329\t_B_329_4_3_678700.htm
c:\windows\system32\cache329\t_B_329_4_3_678900.htm
c:\windows\system32\cache329\t_B_524800.htm
c:\windows\system32\cache329\t_B_527100.htm
c:\windows\system32\cache329\t_B_528500.htm
c:\windows\system32\cache329\t_B_538500.htm
c:\windows\system32\cache329\t_B_544700.htm
c:\windows\system32\cache329\t_B_565700.htm
c:\windows\system32\cache329\t_B_575200.htm
c:\windows\system32\cache329\t_B_576800.htm
c:\windows\system32\cache329\t_B_582900.htm
c:\windows\system32\cache329\t_B_591300.htm
c:\windows\system32\cache329\t_B_604700.htm
c:\windows\system32\cache329\t_B_618800.htm
c:\windows\system32\cache329\t_B_631900.htm
c:\windows\system32\cache329\t_B_642100.htm
c:\windows\system32\cache329\t_B_677100.htm
c:\windows\system32\cache329\t_B_677300.htm
c:\windows\system32\cache329\t_B_677500.htm
c:\windows\system32\cache329\t_B_677700.htm
c:\windows\system32\cache329\t_B_677900.htm
c:\windows\system32\cache329\t_B_686800.htm
c:\windows\system32\cache329\t_B_686900.htm
c:\windows\system32\cache329\t_B_791300.htm
c:\windows\system32\fonts\ACADEMY_.PFB
c:\windows\system32\fonts\ACADEMY_.PFM
c:\windows\system32\fonts\ACADEMY_.TTF
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-18 18:47 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-03 04:15 . 2010-07-03 04:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-03 04:14 . 2010-07-03 04:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IObit
2010-07-03 04:14 . 2010-07-03 04:14 -------- d-----w- c:\program files\Trend Micro
2010-07-03 04:13 . 2010-07-03 04:13 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-07-03 03:29 . 2010-07-03 04:14 -------- d-----w- c:\program files\Registry Cleaner
2010-07-03 03:25 . 2010-07-03 03:25 -------- d-----w- c:\documents and settings\The Steelnacks.STEELNACK.000\Application Data\Sammsoft
2010-07-03 03:24 . 2010-07-03 04:14 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-07-02 17:34 . 2010-07-02 17:34 -------- d-----w- c:\program files\IObit
2010-06-30 03:02 . 2010-06-30 03:02 76296 ----a-w- c:\documents and settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-26 01:57 . 2010-07-03 04:13 -------- d-----w- c:\program files\EZ Label Xpress

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-19 02:26 . 2009-08-07 02:05 -------- d-----w- c:\documents and settings\The Steelnacks.STEELNACK.000\Application Data\LimeWire
2010-07-03 11:19 . 2009-04-25 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 04:14 . 2003-10-31 00:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-03 04:14 . 2010-02-15 02:25 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-03 04:13 . 2004-10-03 20:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-07-02 16:45 . 2008-01-05 15:15 -------- d-----w- c:\program files\MSN Games
2010-06-14 14:31 . 2004-10-03 16:02 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-04 14:53 . 2004-10-09 21:11 76296 ----a-w- c:\documents and settings\The Steelnacks.STEELNACK.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-04 13:54 . 2009-07-04 00:43 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-04 13:29 . 2007-03-18 15:14 -------- d-----w- c:\program files\PlayFirst
2010-06-04 02:30 . 2007-10-04 10:33 -------- d-----w- c:\program files\VirtualDJ
2010-06-04 02:25 . 2005-01-26 23:52 -------- d-----w- c:\program files\ItsDeductible2004
2010-06-04 02:24 . 2006-01-30 22:33 -------- d-----w- c:\program files\ItsDeductible2005
2010-06-04 02:17 . 2004-01-09 00:02 -------- d-----w- c:\program files\TurboTax
2010-06-04 02:10 . 2005-01-26 22:35 -------- d-----w- c:\program files\ItsDeductibleEX
2010-06-04 02:08 . 2009-07-07 03:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RapidSolution
2010-06-04 02:05 . 2007-06-04 19:48 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-06-04 02:02 . 2004-07-16 02:21 -------- d-----w- c:\program files\Common Files\Real
2010-06-04 01:59 . 2010-01-17 21:47 -------- d-----w- c:\program files\Nancy Drew
2010-06-04 01:45 . 2005-04-11 20:34 -------- d-----w- c:\program files\Common Files\Ahead
2010-06-04 01:45 . 2008-08-27 01:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2010-06-04 01:10 . 2008-10-09 00:05 -------- d-----w- c:\program files\Common Files\Apple
2010-06-01 17:37 . 2010-02-15 02:30 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 21:31 . 2010-05-20 21:25 106942640 ----a-w- c:\documents and settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\Sansa Media Converter.EXE
2010-05-06 10:41 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-09-03 17:11 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2009-04-25 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-04-25 18:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-09-26 19:27 . 2004-07-20 17:21 542 -c--a-w- c:\program files\EarthLink TotalAccessactions.met
2009-04-24 09:59 . 2009-04-24 09:59 2098 --sh--w- c:\windows\system32\luravufa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SansaDispatch"="c:\documents and settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-06-19 79872]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2009-12-28 2137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-10 28672]
"OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2003-08-18 98304]
"Motive SmartBridge"="c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2008-09-09 438359]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2007-11-20 731136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-05-10 110592]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 11776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\The Steelnacks.STEELNACK.000\Start Menu\Programs\Startup\
MiniMinder.lnk - c:\program files\MiniMind\MiniMind.exe [2006-1-25 241664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Virtual Assistant.lnk]
backup=c:\windows\pss\Virtual Assistant.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wambo

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 05:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2002-09-23 13:50 36864 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-10-01 22:57 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 16:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-10-06 18:16 741376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2002-09-23 13:25 45108 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
2004-07-06 21:46 159744 ----a-w- c:\program files\Saitek\Software\Profiler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 19:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
2004-07-06 21:46 98304 ----a-w- c:\program files\Saitek\Software\SaiSmart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\dvd43\\DVD43_Tray.exe"=
"c:\\Program Files\\Visioneer OneTouch\\OneTouchMon.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [7/2/2010 1:34 PM 312152]
R3 MSTACKJ;MusicStacker VSDJ;c:\windows\system32\drivers\vadsimple10.sys [11/12/2007 10:42 PM 19456]
S1 awjvtaye;awjvtaye;\??\c:\windows\system32\drivers\awjvtaye.sys --> c:\windows\system32\drivers\awjvtaye.sys [?]
S2 agentcd;DriverAgent Class Driver;\??\c:\windows\System32\AgentCD.sys --> c:\windows\System32\AgentCD.sys [?]
S2 GEARSecurity_BackUp;GEARSecurity_BackUp;system32\gearsec.exe --> system32\gearsec.exe [?]
S2 Mojave;Dazzle Mojave Device;c:\windows\system32\drivers\Mojave.sys [6/9/2007 10:42 AM 120352]
S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [10/11/2004 8:59 PM 91520]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\THESTE~1.000\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\THESTE~1.000\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 GearAspiWDM_BackUp;GEARAspiWDM;c:\windows\system32\drivers\GEARAspiWDM.sys [4/11/2005 6:50 AM 15464]
S3 iTurns;iTurns;c:\windows\system32\drivers\iTurnsDriver.sys [11/28/2008 3:26 PM 10704]
S3 NUVision;Pinnacle Fusion Video;c:\windows\system32\drivers\nuvvid2.sys [3/30/2008 5:14 PM 155264]
S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [6/25/2005 3:00 PM 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\saiuFF0C.sys [6/25/2005 3:00 PM 19584]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [7/6/2009 11:35 AM 16640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 19:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Subscribe in default RSS reader - c:\documents and settings\The Steelnacks.STEELNACK.000\Application Data\RssBandit\iecontext_subscribefeed.htm
LSP: c:\windows\system32\securenet.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265758891304
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe



**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\The Steelnacks.STEELNACK.000\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?<?/?d?i?v?>? ? ?<?/?b?o?d?y?>? ? ?<?/?h?t?m?l?>???>? ? ???\?b?o????????? ?<?/?h?t?m?l?>???<?/?b???a?y?>????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\securenet.dll

- - - - - - - > 'explorer.exe'(3032)
c:\windows\system32\WININET.dll
c:\progra~1\VIRTUA~1\SMARTB~1\SBHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\securenet.dll
.
Completion time: 2010-07-19 23:09:29
ComboFix-quarantined-files.txt 2010-07-20 03:09

Pre-Run: 52,480,876,544 bytes free
Post-Run: 52,432,596,992 bytes free

- - End Of File - - E356EF88FE1F2264235BBF1F30875706


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:55 PM

Posted 20 July 2010 - 09:39 AM

Hello again,
How are things running now? What problems do you still have left?

P2P WARNING
-------------------
Going over your logs I noticed that you have LimeWire installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smorgasbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall LimeWire; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
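The reply above has the user remove every older Java version by hand through Add/Remove Programs before installing 6 Update 21. As an added example that is not part of the thread, the PowerShell script below (the function name Get-JavaInstalls and the two target variables are assumptions) reads the same Add/Remove Programs registry data and flags any Java Runtime entry older than 6 Update 21, so a leftover version is not overlooked; it only reads the registry and removes nothing.

```powershell
# Added example, not part of the thread: read-only check that lists the Java Runtime
# entries Add/Remove Programs would show and flags any older than 6 Update 21, the
# version the reply asks for. Assumes a Windows host with PowerShell 2.0 or later.
$TargetMajor  = 6
$TargetUpdate = 21

# The two standard Add/Remove Programs registry locations (the second exists only on 64-bit Windows).
$UninstallKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-JavaInstalls {
  foreach ($key in $UninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem $key) {
      $p = Get-ItemProperty $sub.PSPath
      # Match the naming used by Sun-era installers, e.g. "Java(TM) 6 Update 21",
      # "Java(TM) SE Runtime Environment 6 Update 1", "J2SE Runtime Environment 5.0 Update 22".
      if (-not ($p.DisplayName -match '^(Java\(TM\)|J2SE)')) { continue }
      $stale = $null   # stays unknown when the name carries no "<major> Update <n>"
      if ($p.DisplayName -match '(\d+)(?:\.\d+)?\s+Update\s+(\d+)') {
        $major  = [int]$matches[1]
        $update = [int]$matches[2]
        $stale  = ($major -lt $TargetMajor) -or
                  (($major -eq $TargetMajor) -and ($update -lt $TargetUpdate))
      }
      New-Object PSObject -Property @{
        DisplayName     = $p.DisplayName
        DisplayVersion  = $p.DisplayVersion
        Stale           = $stale
        UninstallString = $p.UninstallString   # what Add/Remove Programs runs; not executed here
      }
    }
  }
}

# List everything found, stale entries first, so each old version can be removed via Add/Remove Programs.
Get-JavaInstalls | Sort-Object Stale -Descending |
  Format-Table DisplayName, DisplayVersion, Stale -AutoSize
```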


#8 gatorwib1

gatorwib1
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:55 AM

Posted 20 July 2010 - 03:52 PM

All is well!
Wow. That thing was a monster. Great job taking me through the steps; I owe you a beer.
Thanks!

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:55 PM

Posted 20 July 2010 - 03:58 PM

Glad to hear things are fine.

We still have some last steps to do here, so please post back with the MBAM scan results.

regards, Elise




#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:55 PM

Posted 16 August 2010 - 07:01 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


