
New malware help request -- Reply to boopme


  • This topic is locked
17 replies to this topic

#1 PixelHo
Members, 16 posts

Posted 27 March 2011 - 06:33 PM

A continuation of this thread,

http://www.bleepingcomputer.com/forums/topic387398.html/page__pid__2184493#entry2184493

moved here by request.

Well, it's inadvisable to run ComboFix on your own, and your system seems unstable. You should repost this with a DDS log.
Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.

Let me know if that went well.


No, it did not go well.

No CD emulators are present, according to Defogger.

I was unable to get DDS to complete its scan. To my knowledge, I have no active script blockers, although a number of years ago I implemented this registry script "fix":

REGEDIT4

[HKEY_CLASSES_ROOT\VBSFile\Shell]
@="Edit"

[HKEY_CLASSES_ROOT\VBSFile\Shell\Edit]
@="&Edit"

[HKEY_CLASSES_ROOT\VBSFile\Shell\Edit\Command]
@="C:\\WINDOWS\\Notepad.exe %1"

[HKEY_CLASSES_ROOT\VBEfile\Shell]
@="Edit"

[HKEY_CLASSES_ROOT\VBEfile\Shell\Edit]
@="&Edit"

[HKEY_CLASSES_ROOT\VBEfile\Shell\Edit\Command]
@="C:\\WINDOWS\\Notepad.exe %1"

I don't know if the above registry edit is affecting DDS or not...

I shut down my security apps (I'm only running MSE and Comodo) and disabled their services but no joy with DDS (tried 3 times). Ran Rkill and it found nothing to terminate. Then I tried running DDS in safe mode, left it alone for nearly 20 minutes and it again failed to complete. The "progress bar" (series of colons) made it about 3/4 of the way across the window and then DDS essentially locked up my computer (the mouse was still active but I couldn't close DDS or open anything else).

Gmer had the same results as before (i.e., none).


Please post my next assignment. I will be away from my computer most of each working day but I'll make a new effort tomorrow evening and subsequent evenings if necessary.

Thanks.

EDIT: Added HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:07:17 AM, on 3/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe
C:\Program Files\Powerware\LanSafe\Bin\LSTrayAgent.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe
C:\Program Files\Powerware\LanSafe\bin\httpserver.exe
C:\Program Files\Powerware\LanSafe\bin\status_glance.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\Utilities\Everything\Everything.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Utilities\WizMouse\WizMouse.exe
C:\Utilities\Launchy\Launchy.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Propel Accelerator\PropelAC.exe
C:\Documents and Settings\hp\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing)
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PROPEL~1\PRPL_I~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [PDFCreatorClient] "C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe"
O4 - HKLM\..\Run: [Everything] "C:\Utilities\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [WizMouse] "C:\Utilities\WizMouse\WizMouse.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Launchy.lnk = C:\Utilities\Launchy\Launchy.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139566751843
O17 - HKLM\System\CCS\Services\Tcpip\..\{37386704-C463-4482-ACD3-E974CB308E38}: NameServer = 66.174.95.44 69.78.96.14
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LanSafe Power Monitor (LanSafe PM) - Eaton Corporation - C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe
O23 - Service: LanSafe Process Manager - Powerware - C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd. - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 8722 bytes

Edited by PixelHo, 28 March 2011 - 04:12 AM.
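The HJT log above is the kind of thing a helper scans by eye for a handful of entry types: orphaned BHOs, a browser proxy, Winsock LSPs, per-interface DNS servers, DLLs injected via AppInit_DLLs or Winlogon Notify. The script below is an added example for readers of this thread; it is not code from HijackThis, from BleepingComputer or from anyone in this topic. It parses HJT-format lines and marks those entry types for manual review. The sample lines are copied from the log posted above; the review heuristics (which sections to flag, and why) are this example's own assumptions, not HijackThis verdicts, and a flag means "look at this", not "this is malware".

```python
"""
Triage pass over HijackThis log lines.

Added example, not HijackThis code and not from this thread's participants.
SAMPLE_LOG is copied from the HJT log posted in the thread; the heuristics in
triage() are assumptions about what a helper reads first, not verdicts.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing)
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{37386704-C463-4482-ACD3-E974CB308E38}: NameServer = 66.174.95.44 69.78.96.14
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
"""

# HJT entry lines look like "O2 - ..." / "R1 - ..." / "F0 - ..."; everything else is header/process list.
LINE_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# Autostart paths in folders a non-admin process can write to (assumption: worth a second look on XP).
USER_WRITABLE_RE = re.compile(r"\\(Temp|Application Data|Local Settings)\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str  # "R1", "O2", "O17", ...
    body: str     # text after "Oxx - "


@dataclass
class Finding:
    section: str
    reason: str
    line: str
    detail: list = field(default_factory=list)


def parse_hjt(text: str) -> list:
    """Return the R/F/O entries of an HJT log in order; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries) -> list:
    """Mark the entries a helper checks first. Order of findings follows the log."""
    findings = []
    for e in entries:
        b = e.body
        line = f"{e.section} - {b}"
        if "(no file)" in b or "(file missing)" in b:
            findings.append(Finding(e.section, "orphaned entry: registry still points at a file that is gone "
                                               "(leftover of an uninstall or an earlier removal)", line))
        elif e.section == "R1" and "ProxyServer" in b:
            proxy = b.split("=", 1)[1].strip()
            findings.append(Finding(e.section, "browser proxy set; identify the process listening there "
                                               "before treating it as a hijack", line, [proxy]))
        elif e.section == "O10":
            findings.append(Finding(e.section, "Winsock LSP HJT cannot vouch for; a broken or unknown LSP "
                                               "can intercept or break all socket traffic", line))
        elif e.section == "O17":
            findings.append(Finding(e.section, "interface-specific DNS servers; confirm they belong to the "
                                               "adapter/ISP they are bound to", line, IPV4_RE.findall(b)))
        elif e.section == "O20":
            findings.append(Finding(e.section, "DLL loaded into other processes (AppInit_DLLs into every "
                                               "user32-linked process, Winlogon Notify into winlogon.exe); "
                                               "verify the publisher", line))
        elif e.section == "O4" and USER_WRITABLE_RE.search(b):
            findings.append(Finding(e.section, "autostart from a user-writable folder", line))
    return findings


def report(findings) -> str:
    """Plain-text summary, one finding per block, for pasting into a reply."""
    out = []
    for f in findings:
        out.append(f"[{f.section}] {f.reason}")
        out.append(f"    {f.line}")
        if f.detail:
            out.append(f"    -> {', '.join(f.detail)}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(parse_hjt(SAMPLE_LOG))))
```

On the sample this yields seven findings: the R1 proxy, the two dead BHOs, both O10 LSP lines, the O17 name servers and the O20 AppInit DLL. None of them is a verdict on its own. The localhost:8080 proxy, for instance, has an obvious candidate in the running-process list (Propel Accelerator, a web accelerator that works through a local proxy, and whose O8 "Refresh with Full Quality" menu items are also present), and guard32.dll sits next to the Comodo driver files; a helper would confirm each of these rather than assume either way.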



#2 myrti
Malware Study Hall Admin, 33,766 posts

Posted 03 April 2011 - 08:46 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti



#3 PixelHo (Topic Starter)
Members, 16 posts

Posted 03 April 2011 - 10:19 AM

The original problem is as described in the previous post:

Yesterday I decided to install Photoshop CS5 after having it on my bookshelf for nearly a year. The installer never got past the very initial stages of inspecting the system config before I got a Win32k.sys bluescreen. This happened 3 times in a row.

I reverted back to a computer image I made in Sept. 2010 and CS5 installed successfully. However, being curious, I tried to run both GMER and Combofix. Neither one ran. Double clicking on GMER just locked up my computer, while Combofix got to the pre-scanning stage ("take about ten minutes" etc.) but never progressed to any of the actual scanning stages.

Same results in safe mode.

So, I'm not sure if I have an infection or not. Any advice is appreciated (XP Pro SP3).

Thanks.


Scan results are as follows:

OTL.TXT

OTL logfile created on: 4/3/2011 10:02:22 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\hp\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
10.00 Gb Paging File | 9.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.25 Gb Total Space | 16.18 Gb Free Space | 47.25% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 279.73 Gb Free Space | 30.03% Space Free | Partition Type: NTFS
Drive E: | 97.65 Gb Total Space | 92.15 Gb Free Space | 94.36% Space Free | Partition Type: NTFS
Drive F: | 833.86 Gb Total Space | 420.96 Gb Free Space | 50.48% Space Free | Partition Type: NTFS
Drive L: | 1.91 Gb Total Space | 0.23 Gb Free Space | 12.07% Space Free | Partition Type: FAT
Drive O: | 102.76 Gb Total Space | 32.78 Gb Free Space | 31.90% Space Free | Partition Type: NTFS

Computer Name: PIXELDUCK0222 | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/03 10:00:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hp\Desktop\OTL.exe
PRC - [2011/03/27 12:13:34 | 002,548,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/03/27 12:13:22 | 001,803,224 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/07/29 01:33:52 | 000,983,087 | ---- | M] (Propel Software Corporation) -- C:\Program Files\Propel Accelerator\PropelAC.exe
PRC - [2009/06/17 09:37:54 | 000,028,672 | R--- | M] () -- C:\Program Files\Powerware\LanSafe\Bin\LSTrayAgent.exe
PRC - [2009/06/17 09:37:06 | 000,507,904 | R--- | M] (Eaton Corporation) -- C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe
PRC - [2009/06/08 18:28:22 | 000,081,920 | ---- | M] (Powerware) -- C:\Program Files\Powerware\LanSafe\Bin\status_glance.exe
PRC - [2009/06/08 18:28:22 | 000,057,344 | ---- | M] (Powerware) -- C:\Program Files\Powerware\LanSafe\Bin\XYNTService.exe
PRC - [2009/06/08 18:28:22 | 000,049,152 | ---- | M] (Powerware) -- C:\Program Files\Powerware\LanSafe\Bin\httpserver.exe
PRC - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:\Utilities\Everything\Everything.exe
PRC - [2009/03/06 12:09:40 | 000,552,184 | ---- | M] (Antibody Software) -- C:\Utilities\WizMouse\WizMouse.exe
PRC - [2008/08/05 20:16:40 | 000,286,720 | ---- | M] () -- C:\Utilities\Launchy\Launchy.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/11 14:25:44 | 000,438,272 | ---- | M] (Global Graphics Software Ltd.) -- C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
PRC - [2006/10/11 14:24:28 | 000,126,976 | ---- | M] (Global Graphics Software Ltd.) -- C:\WINDOWS\system32\PDFCreatorMessages.exe
PRC - [2005/10/19 15:52:32 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/10/19 15:31:52 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2001/08/09 02:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


========== Modules (SafeList) ==========

MOD - [2011/04/03 10:00:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hp\Desktop\OTL.exe
MOD - [2011/03/27 12:15:34 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/27 12:13:22 | 001,803,224 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/05/11 22:36:10 | 001,619,272 | ---- | M] (O&O Software GmbH) [On_Demand | Stopped] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2010/05/11 22:36:10 | 001,619,272 | ---- | M] (O&O Software GmbH) [On_Demand | Stopped] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2010/05/09 05:17:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/17 09:37:06 | 000,507,904 | R--- | M] (Eaton Corporation) [Auto | Running] -- C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe -- (LanSafe PM)
SRV - [2009/06/11 17:44:20 | 001,263,872 | ---- | M] (Matrox Graphics Inc.) [Disabled | Stopped] -- c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe -- (Matrox Centering Service)
SRV - [2009/06/11 17:43:28 | 000,344,832 | ---- | M] (Matrox Graphics Inc) [Disabled | Stopped] -- c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe -- (Matrox.Pdesk.ServicesHost)
SRV - [2009/06/08 18:28:22 | 000,057,344 | ---- | M] (Powerware) [On_Demand | Running] -- C:\Program Files\Powerware\LanSafe\Bin\XYNTService.exe -- (LanSafe Process Manager)
SRV - [2006/10/11 14:24:28 | 000,126,976 | ---- | M] (Global Graphics Software Ltd.) [On_Demand | Running] -- C:\WINDOWS\system32\PDFCreatorMessages.exe -- (PDFCreatorMessages)
SRV - [2005/10/19 15:31:52 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2005/01/27 18:16:58 | 000,856,064 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/11/22 17:04:14 | 001,273,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost)
SRV - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2001/08/09 02:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - [2011/04/03 06:09:16 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE85E9B8-BB08-4A4C-A844-26492A7CD165}\MpKsle690683b.sys -- (MpKsle690683b)
DRV - [2011/03/27 12:15:32 | 000,094,784 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/03/27 12:15:32 | 000,027,576 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/03/27 12:15:31 | 000,239,368 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/05/26 20:03:27 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/18 18:27:30 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/18 18:27:30 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/12 06:13:32 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2009/08/12 06:13:32 | 000,113,680 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2009/08/12 06:13:32 | 000,054,416 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2009/08/12 06:13:28 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2009/08/12 06:13:28 | 000,011,920 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTDUWFLT.sys -- (PTDUWFLT)
DRV - [2009/06/30 10:23:24 | 000,005,504 | ---- | M] (Matrox Graphics Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mtxparmx.sys -- (Mtxparmx)
DRV - [2009/06/30 10:23:18 | 001,487,488 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MTXPARM.sys -- (MTXPAR)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/04/14 00:15:34 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2007/04/06 17:38:36 | 000,166,912 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/03/28 15:32:56 | 000,044,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i1display.sys -- (i1display)
DRV - [2005/11/14 19:35:23 | 000,005,152 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\io.sys -- (io.sys)
DRV - [2005/07/06 19:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/04/13 12:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2005/04/13 12:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2005/04/06 03:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/06 03:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/27 18:08:02 | 000,099,200 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/01/27 18:07:34 | 000,028,928 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/01/27 12:07:28 | 000,027,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/01/09 21:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/09 21:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/11/22 17:08:54 | 000,046,800 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount)
DRV - [2004/11/22 16:51:58 | 000,138,801 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i)
DRV - [2003/03/19 09:28:20 | 000,007,296 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)
DRV - [2002/11/04 18:31:58 | 000,082,920 | ---- | M] (U.S. Robotics) [Kernel | System | Running] -- C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\myscope.sys -- (Myscope)
DRV - [2002/11/04 18:31:32 | 000,065,592 | ---- | M] (U.S. Robotics) [Kernel | On_Demand | Running] -- C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\usrserft.sys -- (Usrserft)
DRV - [2002/10/24 13:31:22 | 000,016,896 | ---- | M] (O&O Software GmbH) [Kernel | Auto | Running] -- C:\Program Files\OO Software\DriveLED\oodleddr.sys -- (oodld)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.BAK -- (Aspi32)
DRV - [2002/04/02 15:30:16 | 000,033,024 | ---- | M] (Colorvision Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cvspydr2.sys -- (cvspydr2)
DRV - [2002/01/14 21:07:50 | 000,015,584 | ---- | M] (Ahead Software AG
im Stoeckmaedle 18
76307 Karlsbad, Germany
Fax: ++49-7248-911-888
e-mail: info@nero.com) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NeroCd2k.sys -- (NeroCd2k)
DRV - [2001/12/21 11:10:08 | 000,303,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)
DRV - [2001/08/17 07:49:00 | 000,075,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpae.sys -- (atirage3)
DRV - [2001/04/09 13:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-515967899-1958367476-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
IE - HKU\S-1-5-21-515967899-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-515967899-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-515967899-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.31
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:0.7.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.https: ""
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/05 13:02:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 15:14:27 | 000,000,000 | ---D | M]

[2010/03/13 15:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\hp\Application Data\Mozilla\Extensions
[2011/03/26 15:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\hp\Application Data\Mozilla\Firefox\Profiles\m8e1jfbk.default\extensions
[2010/03/13 15:54:55 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\hp\Application Data\Mozilla\Firefox\Profiles\m8e1jfbk.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/09/16 16:30:32 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\hp\Application Data\Mozilla\Firefox\Profiles\m8e1jfbk.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/06/20 07:50:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\hp\Application Data\Mozilla\Firefox\Profiles\m8e1jfbk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/20 07:50:51 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\hp\Application Data\Mozilla\Firefox\Profiles\m8e1jfbk.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/11/13 20:05:02 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\hp\Application Data\Mozilla\Firefox\Profiles\m8e1jfbk.default\extensions\tineye@ideeinc.com
[2010/03/18 16:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\HP\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M8E1JFBK.DEFAULT\EXTENSIONS\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
[2007/06/11 15:34:34 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32_back.dll

O1 HOSTS File: ([2011/03/26 06:52:22 | 000,622,493 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 16436 more lines...
O2 - BHO: (ClickCatcher MSIE handler) - {16664845-0E00-11D2-8059-000000000000} - File not found
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - File not found
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll (Propel Software Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ReGet Bar) - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll (ReGet Software)
O3 - HKU\S-1-5-21-515967899-1958367476-725345543-1003\..\Toolbar\ShellBrowser: (ReGet Bar) - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll (ReGet Software)
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Everything] C:\Utilities\Everything\Everything.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFCreatorClient] C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe (Global Graphics Software Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKU\S-1-5-21-515967899-1958367476-725345543-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-515967899-1958367476-725345543-1003..\Run: [WizMouse] C:\Utilities\WizMouse\WizMouse.exe (Antibody Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Utilities\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-1958367476-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-515967899-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-515967899-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-515967899-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-515967899-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-515967899-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-515967899-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 10
O7 - HKU\S-1-5-21-515967899-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\cc_link.htm ()
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\cc_all.htm ()
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html ()
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - File not found
O15 - HKU\S-1-5-21-515967899-1958367476-725345543-1003\..Trusted Domains: istockphoto.com ([secure] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139566751843 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/11 20:21:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/15 19:48:40 | 000,000,000 | ---D | M] - O:\Auto Collage -- [ NTFS ]
O33 - MountPoints2\{bba0f2a6-b7a3-11df-9ffa-98bab6a469b4}\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "Matrox.Pdesk.ServicesHost"
MsConfig - Services: "Matrox Centering Service"
MsConfig - StartUpReg: Matrox PowerDesk SE - hkey= - key= - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe (Matrox Graphics Inc.)
MsConfig - StartUpReg: NVMixerTray - hkey= - key= - C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Reg Error: Value error.
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {92A660AC-4D0E-596F-804A-B65BF7B72AEB} - Microsoft Windows Media Player 6.4
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/03 10:00:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hp\Desktop\OTL.exe
[2011/04/03 08:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\Oloneo
[2011/04/03 08:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Oloneo PhotoEngine
[2011/04/03 05:59:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\hp\Recent
[2011/04/02 16:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/01 18:48:41 | 000,000,000 | ---D | C] -- C:\SSC Service Utility
[2011/03/31 20:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Desktop\OLD
[2011/03/30 21:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Desktop\Web or email use
[2011/03/30 19:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Desktop\Print
[2011/03/27 20:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Desktop\bc
[2011/03/27 15:28:39 | 000,000,000 | ---D | C] -- D:\My Documents\Adobe
[2011/03/27 15:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\AdobeLensProfileDownloader
[2011/03/27 15:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Lens Profile Downloader
[2011/03/27 11:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/03/26 16:04:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0377BAED-6812-4408-9735-D65D68E7CA12}
[2011/03/26 16:04:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{529BBEB3-0369-420C-BD9C-37553D289203}
[2011/03/26 16:01:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{8265C354-3D13-4FE5-95C7-65F277FF3041}
[2011/03/26 16:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Local Settings\Application Data\PackageAware
[2011/03/26 15:52:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hp\Start Menu\Programs\Security
[2011/03/26 15:47:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security
[2011/03/26 15:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro4
[2011/03/26 15:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/26 15:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\Adobe Mini Bridge CS5
[2011/03/26 15:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/26 14:30:16 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/03/26 14:23:51 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/03/26 14:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/03/26 14:13:22 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/03/26 13:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/03/13 18:49:23 | 000,000,000 | ---D | C] -- D:\My Documents\Simply Super Software
[2002/04/10 04:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2011/04/03 10:00:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hp\Desktop\OTL.exe
[2011/04/03 05:59:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/03 05:57:52 | 000,049,156 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/04/03 05:57:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/03 05:57:30 | 002,948,655 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2011/04/01 02:00:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PIXELDUCK0222-hp.job
[2011/03/30 17:59:45 | 001,342,484 | ---- | M] () -- C:\Documents and Settings\hp\Desktop\master-bedroom-lamps.jpg
[2011/03/28 19:42:23 | 000,190,976 | ---- | M] () -- C:\Documents and Settings\hp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/28 17:59:20 | 000,001,675 | ---- | M] () -- C:\Documents and Settings\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Photomatix Pro 4.0.2 (32-bit) (2).lnk
[2011/03/27 20:57:53 | 002,303,317 | ---- | M] () -- C:\Documents and Settings\hp\Desktop\Master_Bedroom2.JPG
[2011/03/27 20:48:38 | 000,443,860 | ---- | M] () -- C:\Documents and Settings\hp\Desktop\CrosbyTwiss_Anisa-IMG_6248.jpg
[2011/03/27 20:47:03 | 000,766,297 | ---- | M] () -- C:\Documents and Settings\hp\Desktop\dscf0576.jpg
[2011/03/27 17:50:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\hp\defogger_reenable
[2011/03/27 12:15:34 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/03/27 12:15:32 | 000,094,784 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/03/27 12:15:32 | 000,027,576 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/03/27 12:15:31 | 000,239,368 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/03/27 12:15:31 | 000,015,592 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/03/27 06:18:40 | 003,975,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/26 21:07:27 | 000,118,513 | ---- | M] () -- C:\Documents and Settings\hp\Desktop\FileMigration.zip
[2011/03/26 17:34:19 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Bridge CS5.lnk
[2011/03/26 17:34:16 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop CS5.lnk
[2011/03/26 14:51:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/26 14:42:02 | 000,468,906 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/26 14:42:02 | 000,084,214 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/26 14:17:46 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/03/26 06:52:32 | 000,152,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.zip
[2011/03/26 06:52:22 | 000,622,493 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/22 20:28:44 | 000,247,545 | ---- | M] () -- D:\My Documents\_DSC0598.jpg
[2011/03/08 23:04:52 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\SyncBackSE Post Ghost.job

========== Files Created - No Company Name ==========

[2011/03/29 05:07:57 | 001,342,484 | ---- | C] () -- C:\Documents and Settings\hp\Desktop\master-bedroom-lamps.jpg
[2011/03/28 17:59:20 | 000,001,675 | ---- | C] () -- C:\Documents and Settings\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Photomatix Pro 4.0.2 (32-bit) (2).lnk
[2011/03/27 20:36:04 | 000,443,860 | ---- | C] () -- C:\Documents and Settings\hp\Desktop\CrosbyTwiss_Anisa-IMG_6248.jpg
[2011/03/27 20:32:53 | 000,766,297 | ---- | C] () -- C:\Documents and Settings\hp\Desktop\dscf0576.jpg
[2011/03/27 20:25:02 | 002,303,317 | ---- | C] () -- C:\Documents and Settings\hp\Desktop\Master_Bedroom2.JPG
[2011/03/27 17:50:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hp\defogger_reenable
[2011/03/26 21:06:50 | 000,118,513 | ---- | C] () -- C:\Documents and Settings\hp\Desktop\FileMigration.zip
[2011/03/26 17:39:06 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PIXELDUCK0222-hp.job
[2011/03/26 17:34:19 | 000,000,953 | ---- | C] () -- C:\Documents and Settings\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Bridge CS5.lnk
[2011/03/26 17:34:16 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop CS5.lnk
[2011/03/26 15:29:59 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\SyncBackSE Post Ghost.job
[2011/03/26 14:17:46 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/22 20:28:41 | 000,247,545 | ---- | C] () -- D:\My Documents\_DSC0598.jpg
[2010/05/31 11:49:15 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\i1display.sys
[2010/01/19 16:39:12 | 000,000,305 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/11/28 10:07:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Automatic Filter
[2008/11/28 10:07:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\hp\Application Data\Audio
[2008/11/28 10:03:27 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/11/27 18:17:33 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/11/27 16:58:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SingleFiles
[2008/06/09 20:04:48 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\MtxEscape.dll
[2008/05/14 18:06:26 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RBRegEx350.dll
[2008/05/14 18:06:26 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\LP0310.dll
[2008/05/14 18:06:26 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2008/05/14 18:06:26 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\MBSPlugin.DLL
[2008/05/14 18:06:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RBShell400.dll
[2008/05/14 18:06:26 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\MBSRegistryPlugin.DLL
[2008/05/14 18:06:26 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\MBSFolderPlugin.DLL
[2008/05/14 18:06:26 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\MBSMacTTPlugin.DLL
[2008/05/14 18:06:26 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\LP0301Gestalt.dll
[2008/05/14 18:06:26 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\MBSRegPlugin.DLL
[2008/05/14 18:06:26 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\LP0301ResFork.dll
[2008/05/14 18:06:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\LP0301LinkFile.dll
[2007/12/15 02:32:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2007/12/05 19:52:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/11/25 19:04:02 | 008,680,431 | ---- | C] () -- C:\Program Files\Phase One.zip
[2007/09/02 19:39:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hp\Application Data\Audio Units
[2007/09/02 19:36:28 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2007/04/06 17:38:48 | 000,135,253 | ---- | C] () -- C:\WINDOWS\System32\WdReg.exe
[2006/12/16 18:55:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/06 20:08:30 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2006/07/29 15:27:28 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2006/07/18 20:50:48 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2006/07/08 04:26:15 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2006/07/08 04:14:06 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\getfile.dat
[2006/07/04 07:48:58 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_findrunrobot_InstallInfo.dat
[2006/07/04 07:48:58 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\hp\Local Settings\Application Data\DonationCoder_findrunrobot_InstallInfo.dat
[2006/07/04 06:46:46 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_processtamer_InstallInfo.dat
[2006/07/04 06:46:46 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\hp\Local Settings\Application Data\DonationCoder_processtamer_InstallInfo.dat
[2006/07/02 15:33:14 | 000,003,144 | ---- | C] () -- C:\Program Files\Common Files\sRGB-cs.icm
[2006/06/18 05:50:20 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/06/17 17:16:20 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2006/06/17 17:16:20 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/05/30 18:50:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\the.ini
[2006/02/05 20:42:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\BBUninstall.exe
[2006/01/04 20:11:03 | 000,296,448 | ---- | C] () -- C:\WINDOWS\Xenofex.ini
[2005/12/21 07:39:27 | 000,000,725 | ---- | C] () -- C:\WINDOWS\Findit32.INI
[2005/12/19 15:29:49 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\niknakXML.dll
[2005/12/19 15:29:49 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\EventConsumer.dll
[2005/12/19 15:29:49 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2005/12/19 15:29:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWSMacroUtils.dll
[2005/12/19 15:29:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PDFMacroUtils.dll
[2005/12/16 14:29:29 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/11 06:13:07 | 000,000,896 | ---- | C] () -- C:\WINDOWS\System32\hpsj16.dll
[2005/12/11 06:13:07 | 000,000,687 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpscan16.sys
[2005/12/11 06:13:06 | 000,000,057 | ---- | C] () -- C:\WINDOWS\HPDS23.INI
[2005/11/23 20:37:00 | 000,000,685 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/23 17:35:50 | 000,049,156 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2005/11/23 16:24:02 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2005/11/23 16:24:02 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2005/11/22 12:20:49 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2005/11/17 17:01:28 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2005/11/17 17:01:08 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2005/11/17 16:38:48 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\hp\Local Settings\Application Data\fusioncache.dat
[2005/11/14 19:35:23 | 000,005,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\io.sys
[2005/11/12 09:16:01 | 000,190,976 | ---- | C] () -- C:\Documents and Settings\hp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/11 22:30:10 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/11 22:30:10 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/11/11 21:31:16 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/11/11 20:37:16 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\hp\Local Settings\Application Data\FASTWiz.html
[2005/11/11 20:25:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/11 20:18:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/11 15:07:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/11 15:05:09 | 003,975,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/05/02 22:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,468,906 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,084,214 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/01 21:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2002/03/19 17:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe
[2001/11/21 12:05:01 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\sdpsenv.dat
[2000/09/14 02:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1998/06/22 05:29:56 | 000,002,480 | --S- | C] () -- C:\WINDOWS\System32\argtmp39.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> D:\My Documents\My Serials.txt:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\ODBCINST.INI:SummaryInformation
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\ODBCINST.INI:hii
@Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s1
@Alternate Data Stream - 2560 bytes -> C:\Documents and Settings\All Users\Application Data\sdpsenv.dat:naughtypirates
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

EXTRAS.TXT

OTL Extras logfile created on: 4/3/2011 10:02:22 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\hp\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
10.00 Gb Paging File | 9.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.25 Gb Total Space | 16.18 Gb Free Space | 47.25% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 279.73 Gb Free Space | 30.03% Space Free | Partition Type: NTFS
Drive E: | 97.65 Gb Total Space | 92.15 Gb Free Space | 94.36% Space Free | Partition Type: NTFS
Drive F: | 833.86 Gb Total Space | 420.96 Gb Free Space | 50.48% Space Free | Partition Type: NTFS
Drive L: | 1.91 Gb Total Space | 0.23 Gb Free Space | 12.07% Space Free | Partition Type: FAT
Drive O: | 102.76 Gb Total Space | 32.78 Gb Free Space | 31.90% Space Free | Partition Type: NTFS

Computer Name: PIXELDUCK0222 | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera10\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera10\Opera.exe" %1 (Opera Software)
https [open] -- "C:\Program Files\Opera10\Opera.exe" %1 (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Graphic Design\Image Editors\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse in Ember] -- C:\Program Files\Firehand Technologies\Ember\Ember.exe %1 (Firehand Technologies Corporation)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Opera10\opera.exe" = C:\Program Files\Opera10\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Graphic Design\Layout\InDesign\InDesign.exe" = C:\Graphic Design\Layout\InDesign\InDesign.exe:*:Enabled:InDesign Application -- (Adobe Systems Incorporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15047293-954F-45B2-8A7B-D7226D2B6931}" = SyncToy
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{165F5D21-3B1E-46E7-A400-4A9247018F1B}" = Matrox GigaColor Viewer
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{246BA842-1DA8-4860-9F0B-623D0FEDBD3E}_is1" = Pixel Vistas PhotoLift 2.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2D87882E-0899-42B8-A75E-5AC70F047EB9}" = Matrox PowerDesk-SE
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C759736-8347-4031-BB9C-D75ADFE6B101}" = Norton Ghost 9.0
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1
"{42583D0F-F958-460C-9E6B-43A1F68B830B}" = U.S. Robotics Internet Call Notification
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{53480040-A8B8-4B08-8F1C-FEA6D87EABAE}" = O&O DriveLED
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548D4E14-F59D-4FA3-A357-CE5BA0D41D34}" = Opera 11.01
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B14FCEE-A1D6-4CF3-B6EF-C0DDA98F978C}" = Genuine Fractals PrintPro
"{6C339FBF-5DC9-4549-A334-7603D2996031}" = LanSafe
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7EBDCF7F-FB47-4F30-8C8B-B8EC63907704}" = NEC DISPLAY SOLUTIONS SpectraView II
"{7F231232-C309-4401-964A-2A002B6E1ED9}" = Microsoft Baseline Security Analyzer 2.0.1
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8117EA22-035F-4880-86AE-AC7C4F1FA3E2}" = Topaz ReMask 3
"{81B109ED-6ECA-49FF-9238-8E31FA5DB1A9}_is1" = RescuePRO 3.4.0.34
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZP
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{928BEC36-9F90-4AED-AC30-69323D3D5556}" = Kodak DIGITAL GEM Airbrush Professional Plug-In 1.0
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}" = Nikon Scan
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{9FDC7042-CB9F-4336-A14C-DF10F53762E2}" = Topaz Adjust 4
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2A227E0-8DEC-11D2-A564-B2890D000000}" = Jaws PDF Creator 4.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD48471E-87BC-4311-8E32-B81F6969D446}" = Carrara 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C79A8FB1-1AF3-42AD-95AC-B54EF649309D}" = Matrox Monitor Manager
"{C97D06C9-1A67-492B-26B1-72617062AB7E}" = Adobe Lens Profile Downloader
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDC85536-A0EF-4401-82A6-25D8EFC7EFAC}" = VZAccess Manager
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC114155-C015-11D1-8034-00A0C98CDA82}" = ColorShop 2.6
"{DE4B4C39-1FB9-48D9-9B17-BE65DDC33B5B}" = PTLens
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5B72007-07C9-4E67-B29E-696073F45704}" = DropMyRights
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED6C5ECD-5AA4-4054-BF67-8F49526E5765}" = O&O Defrag Professional
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F99CEAB4-F968-11D4-AB80-00C04FA37B03}" = Bump Texture Tools for Photoshop
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"AbiWord2" = AbiWord 2.8.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign 2.0" = Adobe InDesign 2.0.2
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AdobeLensProfileDownloader" = Adobe Lens Profile Downloader
"Apophysis 2.0" = Apophysis 2.0
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Blow Up" = Alien Skin Blow Up
"Capture NX 2" = Capture NX 2
"Capture One LE 3.7.7" = Capture One LE 3.7.7
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Versace Edition" = Color Efex Pro 3.0 Versace Edition
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DOFMasterChart" = DOFMaster Hyperfocal Chart
"Easy Time Tracking" = Easy Time Tracking 3.0.6
"EncryptOnClick_is1" = EncryptOnClick
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"Everything" = Everything 1.2.1.371
"Exposure 2" = Alien Skin Exposure 2
"ExtractNow_is1" = ExtractNow
"Find and Run Robot_is1" = Find+Run Robot 1.09.05
"Firehand Ember" = Firehand Ember
"Focus Magic" = Focus Magic
"GNU Aspell_is1" = GNU Aspell 0.50-3
"HashOnClick_is1" = HashOnClick
"HijackThis" = HijackThis 1.99.1
"HP DeskScan II" = HP DeskScan II
"IconSaver" = IconSaver
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7EBDCF7F-FB47-4F30-8C8B-B8EC63907704}" = NEC DISPLAY SOLUTIONS SpectraView II
"IsoBuster_is1" = IsoBuster 1.6
"Kai's Power Tools 5" = Kai's Power Tools 5
"KPT Equalizer" = KPT Equalizer
"Launchy_21344213_is1" = Launchy 2.1.2
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Macromedia FreeHand 8" = Macromedia FreeHand 8
"Macromedia FreeHand 9" = Macromedia FreeHand 9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matrox Parhelia Driver Uninstaller" = Matrox Driver
"Matrox XPDM Uninstaller" = Matrox Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Neat Image_is1" = Neat Image v5.6 Home
"NEC DISPLAY SOLUTIONS Drivers" = NEC DISPLAY SOLUTIONS: Monitor Installer
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Noise Ninja (Standalone Version)_is1" = Noise Ninja 2 (Standalone Version)
"NVIDIA Drivers" = NVIDIA Drivers
"Oloneo PhotoEngine" = Oloneo PhotoEngine
"PhotomatixPro4.0x32_is1" = Photomatix Pro version 4.0.2
"Process Tamer_is1" = Process Tamer 2.05.02
"Propel Accelerator" = Propel Accelerator
"RegEditX" = RegEditX
"ReGet Opera plugin" = ReGet Opera plugin
"RegHealer_is2" = Registry Healer 4.5.0 uninstall
"SmartClose.{7F22CBCB-92B5-4F5D-9A34-BB690215BEF2}_is1" = SmartClose 1.2
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SSC Service Utility_is1" = SSC Service Utility v4.30
"ST5UNST #1" = E-Icons
"Startup Optimizer_is1" = Startup Optimizer 1.6
"Super Winspy_is1" = Super Winspy v3.02
"SwitchOff" = Switch Off
"SyncBackSE_is1" = SyncBackSE
"SysInfo" = Creative System Information
"Tablet Driver" = Tablet
"Topaz Adjust 4" = Topaz Adjust 4
"Topaz DeNoise 5" = Topaz DeNoise 5
"Topaz ReMask 3" = Topaz ReMask 3
"Tweak UI 2.10" = Tweak UI
"U.S. Robotics Modem Identification Wizard" = U.S. Robotics Modem Identification Wizard
"Unlocker" = Unlocker 1.8.5
"VertusFluidMask" = Vertus Fluid Mask 2.0.3
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinDriver 9.0.0.0 USB Driver" = WinDriver 9.0.0.0 USB Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WizMouse_is1" = WizMouse v1.0.0.2
"xqdcXSP_is1" = XQDC X-Setup Pro 8.0.100

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-515967899-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{556DF27F-5B74-11D5-B876-004005E12EF1}" = GPSoftware Directory Opus
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"ReGetDx" = ReGet Deluxe

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2010 7:44:33 PM | Computer Name = PIXELDUCK0222 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 9/19/2010 7:44:34 PM | Computer Name = PIXELDUCK0222 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 3/26/2011 2:38:44 PM | Computer Name = PIXELDUCK0222 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 3/26/2011 2:38:46 PM | Computer Name = PIXELDUCK0222 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 3/26/2011 2:58:34 PM | Computer Name = PIXELDUCK0222 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 3/26/2011 3:17:24 PM | Computer Name = PIXELDUCK0222 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8107.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 3/26/2011 3:28:42 PM | Computer Name = PIXELDUCK0222 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8107.0, P4
4, P5 4, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 3/26/2011 5:29:39 PM | Computer Name = PIXELDUCK0222 | Source = pctsSvc.exe | ID = 0
Description =

Error - 4/1/2011 7:30:31 PM | Computer Name = PIXELDUCK0222 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/2/2011 5:41:38 PM | Computer Name = PIXELDUCK0222 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 4/1/2011 7:52:46 PM | Computer Name = PIXELDUCK0222 | Source = Service Control Manager | ID = 7034
Description = The EPSON Printer Status Agent2 service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/2/2011 5:14:54 AM | Computer Name = PIXELDUCK0222 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 4/2/2011 5:14:54 AM | Computer Name = PIXELDUCK0222 | Source = Service Control Manager | ID = 7000
Description = The ABS PortIO Service service failed to start due to the following
error: %%1058

Error - 4/2/2011 5:14:54 AM | Computer Name = PIXELDUCK0222 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 4/2/2011 5:36:19 PM | Computer Name = PIXELDUCK0222 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 4/2/2011 5:36:19 PM | Computer Name = PIXELDUCK0222 | Source = Service Control Manager | ID = 7000
Description = The ABS PortIO Service service failed to start due to the following
error: %%1058

Error - 4/2/2011 5:36:19 PM | Computer Name = PIXELDUCK0222 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 4/3/2011 6:57:58 AM | Computer Name = PIXELDUCK0222 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 4/3/2011 6:57:58 AM | Computer Name = PIXELDUCK0222 | Source = Service Control Manager | ID = 7000
Description = The ABS PortIO Service service failed to start due to the following
error: %%1058

Error - 4/3/2011 6:57:58 AM | Computer Name = PIXELDUCK0222 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon


< End of report >

Edited by PixelHo, 03 April 2011 - 10:27 AM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:03 PM

Posted 03 April 2011 - 03:57 PM

Hi,

did you disable your anti-virus program before running gmer? The two may be interfering.

Please run a scan with RkU next:
Please download Rootkit Unhooker from one of the following links and save it to your desktop. Link 1 (.exe file) Link 2 (zipped file) Link 3 (.rar file) In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.
  • Double-click on RKUnhookerLE.exe to start the program. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 PixelHo

PixelHo
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 03 April 2011 - 04:49 PM

Yes, AV and Comodo were disabled (including disabling their services) before running Gmer.

Here is the log from Rootkit Unhooker:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF012000 C:\WINDOWS\System32\MTXPARD.dll 2019328 bytes (Matrox Graphics Inc., Matrox Parhelia Display Driver)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB98D9000 C:\WINDOWS\system32\DRIVERS\MTXPARM.sys 1490944 bytes (Matrox Graphics Inc., Matrox Parhelia Miniport Driver)
0xB9B5A000 C:\WINDOWS\system32\drivers\P17.sys 1392640 bytes (Creative Technology Ltd., WDM Audio Miniport)
0xB9E00000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB933F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9757000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB9584000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBF1FF000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9AA0000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 262144 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xB9629000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 233472 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xB9A45000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 208896 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
0xB9B06000 C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 196608 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB97B5000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB9DBD000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9098000 C:\WINDOWS\system32\DRIVERS\PTDUWWAN.sys 184320 bytes (DEVGURU Co., LTD., USB Wireless Network Adapter Device Driver (MSS Ver.3))
0xB93FF000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB989C000 C:\WINDOWS\system32\drivers\windrvr6.sys 167936 bytes (Jungo, WinDriver Device Driver 9.00)
0xB950E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9662000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xB9AE0000 C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 155648 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB9536000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB90EB000 C:\WINDOWS\system32\DRIVERS\PTDUMdm.sys 155648 bytes (DEVGURU Co., LTD.(www.devguru.co.kr), USB Modem Device Driver (MSS Ver.3))
0xB90C5000 C:\WINDOWS\system32\DRIVERS\PTDUVsp.sys 155648 bytes (DEVGURU Co., LTD.(www.devguru.co.kr), USB Serial Port Device Driver (MSS Ver.3))
0xB9074000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9B36000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9CD1000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9CAE000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB944C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB942A000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EBA000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9DA3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9EF2000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xB905B000 C:\WINDOWS\System32\Drivers\dump_adpu160m.sys 102400 bytes
0xB95F0000 C:\WINDOWS\System32\Drivers\InCDfs.SYS 102400 bytes (Nero AG, InCD File System Driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9EDA000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9E8D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB97E5000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB9DEA000 inspect.sys 90112 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xB9EA4000 PQV2i.sys 90112 bytes (StorageCraft, StorageCraft Volume Snap-Shot)
0xAE90B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB98C5000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB95DD000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xAEF0F000 C:\WINDOWS\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xAE5CD000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA1A8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA188000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAE988000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA248000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA158000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA308000 C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\myscope.sys 53248 bytes (U.S. Robotics, Myscope Service)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB981C000 C:\WINDOWS\system32\DRIVERS\PTDUBus.sys 49152 bytes (DEVGURU Co., LTD., USB Composite Device Driver (MSS Ver.3))
0xBA218000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA318000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA168000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA208000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA118000 sbp2port.sys 45056 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA238000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA228000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA1C8000 C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\usrserft.sys 40960 bytes (U.S. Robotics, Myscope Filter)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA298000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAE5ED000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB91A1000 C:\Program Files\OO Software\DriveLED\oodleddr.sys 36864 bytes (O&O Software GmbH, O&O DriveLED supplementary driver)
0xBA2F8000 C:\WINDOWS\System32\Drivers\PQIMount.SYS 36864 bytes (PowerQuest Corporation, PQIMount.sys - PQI Image Mounting Device Driver)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3B8000 C:\WINDOWS\System32\DRIVERS\InCDPass.sys 32768 bytes (Nero AG, Ahead RW Filter Driver)
0xBA408000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA400000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA488000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA348000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA3A8000 C:\WINDOWS\System32\Drivers\GearAspiWDM.SYS 28672 bytes (GEAR Software Inc., CDRom Class Filter Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA3C8000 C:\WINDOWS\System32\Drivers\incdrm.SYS 28672 bytes (Nero AG, Ahead MRW Filter Driver)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA430000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA4A8000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 24576 bytes (COMODO, COMODO Internet Security Helper Driver)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA478000 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE85E9B8-BB08-4A4C-A844-26492A7CD165}\MpKslaa2770f9.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA3A0000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA4B0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA490000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA3C0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA470000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA480000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA338000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA458000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA3D0000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAEF5C000 C:\WINDOWS\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9237000 C:\WINDOWS\System32\Drivers\dump_diskdump.sys 16384 bytes
0xB9D01000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB9D7F000 C:\WINDOWS\system32\drivers\NeroCd2k.sys 16384 bytes (Ahead Software AG, im Stoeckmaedle 18, 76307 Karlsbad, Germany, Fax: ++49-7248-911-888, e-mail: info@nero.com, Nero Filter Driver)
0xB9D41000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xB9D29000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB92A3000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB973F000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB9747000 C:\WINDOWS\System32\Drivers\InCDrec.SYS 12288 bytes (Nero AG, InCD File System Recognizer)
0xB93CF000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9D21000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9737000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xAEF24000 C:\WINDOWS\system32\Drivers\uphcleanhlp.sys 12288 bytes
0xBA5E0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5DC000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5E4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5EE000 C:\WINDOWS\system32\DRIVERS\Mtxparmx.sys 8192 bytes (Matrox Graphics Inc., mtxparmx)
0xBA5AE000 PenClass.sys 8192 bytes (Wacom Technology Corporation, Pen Class Driver)
0xBA5FE000 C:\WINDOWS\system32\DRIVERS\PTDUWFLT.sys 8192 bytes (DEVGURU Co., LTD., USB Wireless Network Adapter Filter Driver)
0xBA5E8000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5C2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5BC000 C:\WINDOWS\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7C0000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA68C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA70C000 C:\WINDOWS\system32\drivers\io.sys 4096 bytes
0xBA6E5000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
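Reading a driver list like the one above by hand is tedious, so here is an added example (it is not part of the original thread and not RkU's own code) of a small Python parser that splits an RkU report into its ">Section" blocks, collapses the kernel's alias lines (ntkrnlpa.exe / PnpManager / RAW / WMIxWDM share one base address), and flags the entries a reviewer would want to check next: images with no vendor/version string and images loaded from outside the system directory. The sample report is a constructed excerpt modelled on the log above; the system-directory prefix and the rule that dump_*.sys copies of the storage port driver are expected on XP are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the RkU ">Drivers" report format, modelled on the log
# posted above (a handful of lines, including two kernel alias pairs).
SAMPLE_RKU_REPORT = r"""RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB905B000 C:\WINDOWS\System32\Drivers\dump_adpu160m.sys 102400 bytes
0xAE5ED000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA70C000 C:\WINDOWS\system32\drivers\io.sys 4096 bytes
0xB989C000 C:\WINDOWS\system32\drivers\windrvr6.sys 167936 bytes (Jungo, WinDriver Device Driver 9.00)
0xB942A000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xBA5E0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
==============================================
>Stealth
==============================================
"""

# One entry line: <base> <image path or kernel alias> <size> bytes [(<vendor>, <description>)]
# Entries whose vendor string wraps onto further lines (as the Nero driver does in the
# posted log) do not match and are skipped rather than mis-parsed.
ENTRY_RE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]+)\s+(?P<image>.+?)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<info>.*)\))?\s*$"
)
SYSTEM_PREFIX = "c:\\windows\\system32\\"   # assumption: default XP system directory
SCANNER_VENDOR = "RKU Driver"               # RkU's own helper driver (Normandy.SYS)
# No vendor string, but expected on a healthy XP box: crash-dump copies of the port driver.
KNOWN_BENIGN_NO_VENDOR = [re.compile(r"\\dump_[^\\]+\.sys$", re.I)]


@dataclass
class DriverEntry:
    base: int
    image: str
    size: int
    vendor: Optional[str]
    description: Optional[str]


def parse_rku_report(text: str) -> Dict[str, List[DriverEntry]]:
    """Split the report at each '>Section' header and parse the entry lines under it."""
    sections: Dict[str, List[DriverEntry]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):
            current = line[1:].strip()
            sections.setdefault(current, [])
            continue
        if current is None or not line or line.startswith("="):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        vendor = description = None
        if m.group("info"):
            vendor, _, rest = m.group("info").partition(", ")
            description = rest or None
        sections[current].append(DriverEntry(
            base=int(m.group("base"), 16), image=m.group("image"),
            size=int(m.group("size")), vendor=vendor, description=description))
    return sections


def collapse_aliases(entries: List[DriverEntry]) -> List[DriverEntry]:
    """Keep one entry per image base, preferring the line that carries a file path."""
    by_base: Dict[int, List[DriverEntry]] = {}
    for e in entries:
        by_base.setdefault(e.base, []).append(e)
    return [next((e for e in group if "\\" in e.image), group[0]) for group in by_base.values()]


def triage(entries: List[DriverEntry]) -> List[Tuple[str, str]]:
    """Return (image, reason) notes for entries worth a second look. A non-Microsoft
    vendor is not by itself suspicious, so only missing metadata and odd load paths are flagged."""
    notes: List[Tuple[str, str]] = []
    for e in collapse_aliases(entries):
        if e.vendor == SCANNER_VENDOR or "\\" not in e.image:
            continue
        if e.vendor is None and not any(p.search(e.image) for p in KNOWN_BENIGN_NO_VENDOR):
            notes.append((e.image, "no vendor/version info; hash the file and verify it"))
        if not e.image.lower().startswith(SYSTEM_PREFIX):
            notes.append((e.image, "loaded from outside the system directory; confirm the owning product"))
    return notes


if __name__ == "__main__":
    report = parse_rku_report(SAMPLE_RKU_REPORT)
    print(f"{len(collapse_aliases(report['Drivers']))} distinct drivers, "
          f"{len(report.get('Stealth', []))} stealth entries")
    for image, reason in triage(report["Drivers"]):
        print(f"REVIEW {image}: {reason}")
```

On the sample this flags io.sys (4096 bytes, no version resource) and the SUPERAntiSpyware driver loaded from Program Files; the first is a triage hint only, and the next step is to hash the file and check it, not to delete it. An empty ">Stealth" section is what a clean result looks like in this report format.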

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:03 PM

Posted 03 April 2011 - 05:00 PM

Hi,

have you since tried to install Photoshop again? Does it still crash?

regards myrti



#7 PixelHo

PixelHo
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 03 April 2011 - 05:07 PM

Hi,

have you since tried to install Photoshop again? Does it still crash?

regards myrti


I know you overlooked this so here it is again:

I reverted back to a computer image I made in Sept. 2010 and CS5 installed successfully. However, being curious, I tried to run both GMER and Combofix. Neither one ran. Double clicking on GMER just locked up my computer, while Combofix got to the pre-scanning stage ("take about ten minutes" etc.) but never progressed to any of the actual scanning stages.

Same results in safe mode.


SO, the Photoshop install went well, but Gmer and Combofix failed to run. It was at this point that I turned to Bleeping Computer for help. Boopme had me attempt to run a DDS scan, which also failed (see post #1 in this thread).

Thanks.

Edited by PixelHo, 03 April 2011 - 05:08 PM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:03 PM

Posted 03 April 2011 - 05:21 PM

Hi,

sorry I missed that Photoshop finally installed. I was aware that you posted about ComboFix and gmer not running. The fact that gmer and combofix both failed to run doesn't necessarily mean that you are infected. In fact both use similar tactics to check for rootkits and therefore it is not surprising that both will fail. DDS also shares this same method. So basically the three failing is more consistent than just one of them failing. :wink:
Not all programs run on all PCs; sometimes this has to do with software and sometimes with hardware. I'm inclined to say that your PC just doesn't like gmer's tools.

Of course, these kinds of blocks can also be caused by malware, however I asked you to run alternate tools to DDS and gmer (OTL and RkU) and they ran fine and show no malware. So I'm inclined to believe it is a hardware/software issue.

Just to be safe I'd like you to run a scan with Malwarebytes as well, but I believe you are clean:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

I see that Esetscanner is installed too, when did you run a scan with that online scanner?

regards myrti



#9 PixelHo

PixelHo
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 03 April 2011 - 06:56 PM

Hi,

I didn't have an option to scan all the drives except in full scan mode. Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6261

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/3/2011 7:47:47 PM
mbam-log-2011-04-03 (19-47-47).txt

Scan type: Quick scan
Objects scanned: 181934
Time elapsed: 1 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

So it looks like a clean machine?

The thing with Gmer and Combofix, et al. is weird because I've run them with no problem in the past, but it's been several months ago. At that time, Combofix killed something but I don't recall what it was (I know, I shouldn't run it unsupervised. Sorry.)

Let me know if we need to do anything else. I really appreciate your help with this.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:03 PM

Posted 03 April 2011 - 07:00 PM

hi,

yes, please also run a scan with Eset just to be safe:
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here, then click the button to launch the scanner.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use and continue.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click the button to start the scan.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click the button to finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


ComboFix is updated very frequently, often several times a day. That it was working in the past, doesn't mean it will work today. That it is not working now doesn't mean, it won't work in the future.

regards myrti



#11 PixelHo

PixelHo
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 04 April 2011 - 03:57 AM

That took awhile. :)

The only thing it found was in some ancient app on a drive where I store stuff from ages ago.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=a38a108f60d91347afc43ff6a8ae594a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-04 07:13:51
# local_time=2011-04-04 02:13:51 (-0500, US Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 37158565 37158565 0 0
# compatibility_mode=3073 16777213 80 75 0 17937008 0 0
# compatibility_mode=5891 16776869 42 87 0 12984258 0 0
# compatibility_mode=8192 67108863 100 0 19619758 19619758 0 0
# scanned=290502
# found=1
# cleaned=0
# scan_time=21836
F:\System & App Archive\Fax\32Bit_Fax_9.20.01.zip probably a variant of Win32/TrojanDropper.Agent.NBMLZRZ trojan (unable to clean) 00000000000000000000000000000000

This fax app is not installed on my computer and never has been. I can delete the zip file if you want.

I overlooked your question about the last scan with the eset online scanner. I usually run it about once a week but I hadn't run it since I restored my HD image (at the beginning of this adventure).

Thanks for the heads-up on Combofix.

Edited by PixelHo, 04 April 2011 - 08:21 AM.


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:03 PM

Posted 04 April 2011 - 09:31 AM

Hi,

I would be inclined to believe it is a false positive, if you know that the utility is legit. If you don't know what the zip does, it might be safer to delete it though. :wink:

I think your logs are clean, hence as a last step before removing the tools we used, I'd like you to update some software:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 23 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • Once the installation is finished, open Adobe Reader and accept the warranty if prompted.
  • Click on Help and select Check for Updates.
  • A window will open and Adobe will check for Updates. If any updates are found to be available click on Download.
  • Once the update is downloaded you will get a system notification telling you so. Click on the popup to restore the window.
  • In the window that opens click Install.
  • Once the update is done click Close.
Your Adobe Reader is now up to date!

regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

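As an added example (not part of myrti's post or of BleepingComputer's instructions): the removal step above has you find every Adobe Reader, Acrobat and Java entry in Add/Remove Programs by hand. The PowerShell below reads the same uninstall registry keys that Add/Remove Programs displays, so you can list what is installed before you start and confirm afterwards that only one current version of each product remains. It assumes an elevated PowerShell prompt; the display-name patterns and the family grouping are assumptions about how these products register themselves and may need adjusting.

```powershell
# Added example, not from the thread. Lists Adobe Reader/Acrobat and Java entries
# from the uninstall registry keys that Add/Remove Programs reads, and warns when a
# product family still has more than one version installed.
# Assumptions: elevated PowerShell; product display names start with the patterns below.

function Get-InstalledProduct {
    param([string[]]$NamePatterns)

    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # 32-bit apps on 64-bit Windows
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'               # per-user installs
    )

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Where-Object {
            $name = $_.DisplayName
            @($NamePatterns | Where-Object { $name -like $_ }).Count -gt 0
        } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString |
        Sort-Object DisplayName, DisplayVersion
}

# Collapse display names such as "Adobe Reader 9.4.2", "Adobe Reader X (10.0.1)" and
# "Java(TM) 6 Update 24" into a family name so duplicates can be counted.
function Get-ProductFamily([string]$DisplayName) {
    switch -Wildcard ($DisplayName) {
        'Java*'           { return 'Java' }
        'Adobe Reader*'   { return 'Adobe Reader' }
        'Acrobat Reader*' { return 'Adobe Reader' }
        'Adobe Acrobat*'  { return 'Adobe Acrobat' }
        default           { return $DisplayName }
    }
}

$patterns = @('Adobe Reader*', 'Acrobat Reader*', 'Adobe Acrobat*', 'Java*')
$products = Get-InstalledProduct -NamePatterns $patterns |
    Where-Object { $_.DisplayName -notlike 'Java Auto Updater*' }   # helper service, not a runtime

# Everything currently registered, oldest version first within each name.
$products | Format-Table DisplayName, DisplayVersion, Publisher -AutoSize

# Any family with more than one entry still has an old version to uninstall.
$products | Group-Object { Get-ProductFamily $_.DisplayName } |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $versions = ($_.Group | ForEach-Object { $_.DisplayVersion }) -join ', '
        Write-Warning "$($_.Name): $($_.Count) versions still installed ($versions); uninstall the old ones."
    }
```

Run it once before the manual uninstalls and once after the new Reader and Java are in place; the second run should print no warnings. The UninstallString column is kept in the output because it is the exact command Add/Remove Programs runs for each entry, which is useful when an old entry refuses to appear in the Control Panel list.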


#13 PixelHo (Topic Starter)

Posted 04 April 2011 - 04:44 PM

Ok, updates installed as requested.

#14 myrti (Malware Study Hall Admin)

Posted 05 April 2011 - 06:29 AM

Hi,

great, last step then would be to remove the tools we used:

Please do the following to clean up your PC:
  • Delete the tools used during the disinfection:
  • Uninstall ComboFix.exe and all backups of the files it deleted
    • Click START then RUN
    • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.
    • I know that ComboFix didn't run, but it should uninstall normally. If not, please let me know.
    • Download OTC from the following mirror and save it to your desktop:
    • Double-click on the OTC icon on your desktop.
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  • If OTC failed to remove all programs from your desktop, please delete the rest manually.
Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus software on a regular basis. If you do not update your AntiVirus software, then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent anti-spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use; if you purchase the paid versions, they provide a resident scanner and do not nag.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at the HostMan hosts file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
Some more links you might find of interest:

Have a nice day
myrti

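As an added example (not part of myrti's post or of the MVPs tutorial linked above): the MVPs hosts file works by pointing known bad hostnames at 0.0.0.0 so they never resolve, and the same file is one of the first things malware edits in the other direction, sending update or vendor hostnames to an address it controls. The PowerShell below parses a hosts file in that layout and separates harmless blocking entries from redirects. The sample text is constructed for the example (203.0.113.5 is a documentation address, not a real host); run Get-HostsEntry with no arguments to audit the live file.

```powershell
# Added example, not from the thread. Parses a hosts file in the MVPs layout and
# sorts each entry into: local (loopback names), block (a name pointed at
# 0.0.0.0 or 127.0.0.1, which is all the MVPs file does) or redirect (a name
# pointed at any other address, which a blocking-only file never contains).
# Assumption: the file uses the standard "address hostname [hostname...] # comment" syntax.

function Get-HostsEntry {
    param(
        [string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts",
        [string[]]$Content                # pass text directly instead of reading $Path
    )
    if (-not $Content) { $Content = Get-Content -Path $Path }

    foreach ($line in $Content) {
        $text = ($line -split '#')[0].Trim()        # drop comments and surrounding space
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }       # address with no hostname
        $address = $fields[0]
        foreach ($hostname in $fields[1..($fields.Count - 1)]) {
            $kind = switch ($address) {
                '0.0.0.0'   { 'block' }
                '127.0.0.1' { if ($hostname -eq 'localhost') { 'local' } else { 'block' } }
                '::1'       { 'local' }
                default     { 'redirect' }
            }
            New-Object PSObject -Property @{ Address = $address; Hostname = $hostname; Kind = $kind }
        }
    }
}

# Constructed sample for the example: header comment, loopback entries, three
# MVPs-style blocking lines and one redirect of the kind malware leaves behind.
$sample = @'
# This MVPS HOSTS file is a free download from:
127.0.0.1  localhost
::1        localhost
0.0.0.0  ad.example.net            # [Constructed]
0.0.0.0  tracker.example.com
0.0.0.0  www.example.org
203.0.113.5  update.example-antivirus.com
'@ -split "`r?`n"

$entries = Get-HostsEntry -Content $sample          # Get-HostsEntry alone reads the live file
$entries | Group-Object Kind | Select-Object Name, Count

# Anything that is neither loopback nor a block is a hostname being sent elsewhere.
$entries | Where-Object { $_.Kind -eq 'redirect' } | ForEach-Object {
    Write-Warning "hosts sends $($_.Hostname) to $($_.Address); a blocking-only file never does this"
}
```

On a machine running the MVPs file the live audit should report thousands of block entries, the two loopback entries and no redirects; a redirect line for an antivirus or Windows Update hostname is the signature of a hosts hijack and is worth checking before the cleanup tools are removed.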


#15 PixelHo (Topic Starter)

Posted 05 April 2011 - 04:10 PM

OK, unless you think of something else I guess we're all squared away.

Thanks for taking time to do this. I'm almost sorry we didn't find something, but I guess that's kind of like wishing for a disease so you can be cured of it.

Best Regards,
Howard



